mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
Merge remote-tracking branch 'origin/main' into ac/pm-11360/remove-vault-export-permission-for-providers
This commit is contained in:
commit
bf4b1f3d5c
@ -23,7 +23,7 @@
|
|||||||
@RenderBody()
|
@RenderBody()
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="container footer text-muted">
|
<div class="container footer text-body-secondary">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col">
|
<div class="col">
|
||||||
© @DateTime.Now.Year, Bitwarden Inc.
|
© @DateTime.Now.Year, Bitwarden Inc.
|
||||||
|
37
bitwarden_license/src/Sso/package-lock.json
generated
37
bitwarden_license/src/Sso/package-lock.json
generated
@ -9,10 +9,9 @@
|
|||||||
"version": "0.0.0",
|
"version": "0.0.0",
|
||||||
"license": "-",
|
"license": "-",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bootstrap": "4.6.2",
|
"bootstrap": "5.3.3",
|
||||||
"font-awesome": "4.7.0",
|
"font-awesome": "4.7.0",
|
||||||
"jquery": "3.7.1",
|
"jquery": "3.7.1"
|
||||||
"popper.js": "1.16.1"
|
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"css-loader": "7.1.2",
|
"css-loader": "7.1.2",
|
||||||
@ -384,6 +383,17 @@
|
|||||||
"url": "https://opencollective.com/parcel"
|
"url": "https://opencollective.com/parcel"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"node_modules/@popperjs/core": {
|
||||||
|
"version": "2.11.8",
|
||||||
|
"resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz",
|
||||||
|
"integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==",
|
||||||
|
"license": "MIT",
|
||||||
|
"peer": true,
|
||||||
|
"funding": {
|
||||||
|
"type": "opencollective",
|
||||||
|
"url": "https://opencollective.com/popperjs"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/@types/estree": {
|
"node_modules/@types/estree": {
|
||||||
"version": "1.0.6",
|
"version": "1.0.6",
|
||||||
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
|
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
|
||||||
@ -702,9 +712,9 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/bootstrap": {
|
"node_modules/bootstrap": {
|
||||||
"version": "4.6.2",
|
"version": "5.3.3",
|
||||||
"resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.6.2.tgz",
|
"resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-5.3.3.tgz",
|
||||||
"integrity": "sha512-51Bbp/Uxr9aTuy6ca/8FbFloBUJZLHwnhTcnjIeRn2suQWsWzcuJhGjKDB5eppVte/8oCdOL3VuwxvZDUggwGQ==",
|
"integrity": "sha512-8HLCdWgyoMguSO9o+aH+iuZ+aht+mzW0u3HIMzVu7Srrpv7EBBxTnrFlSCskwdY1+EOFQSm7uMJhNQHkdPcmjg==",
|
||||||
"funding": [
|
"funding": [
|
||||||
{
|
{
|
||||||
"type": "github",
|
"type": "github",
|
||||||
@ -715,10 +725,8 @@
|
|||||||
"url": "https://opencollective.com/bootstrap"
|
"url": "https://opencollective.com/bootstrap"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"license": "MIT",
|
|
||||||
"peerDependencies": {
|
"peerDependencies": {
|
||||||
"jquery": "1.9.1 - 3",
|
"@popperjs/core": "^2.11.8"
|
||||||
"popper.js": "^1.16.1"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/braces": {
|
"node_modules/braces": {
|
||||||
@ -1577,17 +1585,6 @@
|
|||||||
"node": ">=8"
|
"node": ">=8"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/popper.js": {
|
|
||||||
"version": "1.16.1",
|
|
||||||
"resolved": "https://registry.npmjs.org/popper.js/-/popper.js-1.16.1.tgz",
|
|
||||||
"integrity": "sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ==",
|
|
||||||
"deprecated": "You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1",
|
|
||||||
"license": "MIT",
|
|
||||||
"funding": {
|
|
||||||
"type": "opencollective",
|
|
||||||
"url": "https://opencollective.com/popperjs"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"node_modules/postcss": {
|
"node_modules/postcss": {
|
||||||
"version": "8.4.47",
|
"version": "8.4.47",
|
||||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
|
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
|
||||||
|
@ -8,10 +8,9 @@
|
|||||||
"build": "webpack"
|
"build": "webpack"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bootstrap": "4.6.2",
|
"bootstrap": "5.3.3",
|
||||||
"font-awesome": "4.7.0",
|
"font-awesome": "4.7.0",
|
||||||
"jquery": "3.7.1",
|
"jquery": "3.7.1"
|
||||||
"popper.js": "1.16.1"
|
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"css-loader": "7.1.2",
|
"css-loader": "7.1.2",
|
||||||
|
@ -13,8 +13,6 @@ module.exports = {
|
|||||||
entry: {
|
entry: {
|
||||||
site: [
|
site: [
|
||||||
path.resolve(__dirname, paths.sassDir, "site.scss"),
|
path.resolve(__dirname, paths.sassDir, "site.scss"),
|
||||||
|
|
||||||
"popper.js",
|
|
||||||
"bootstrap",
|
"bootstrap",
|
||||||
"jquery",
|
"jquery",
|
||||||
"font-awesome/css/font-awesome.css",
|
"font-awesome/css/font-awesome.css",
|
||||||
|
@ -103,19 +103,19 @@
|
|||||||
|
|
||||||
<div class="d-flex mt-4">
|
<div class="d-flex mt-4">
|
||||||
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
||||||
<div class="ml-auto d-flex">
|
<div class="ms-auto d-flex">
|
||||||
@if (canInitiateTrial && Model.Provider is null)
|
@if (canInitiateTrial && Model.Provider is null)
|
||||||
{
|
{
|
||||||
<button class="btn btn-secondary mr-2" type="button" id="teams-trial">
|
<button class="btn btn-secondary me-2" type="button" id="teams-trial">
|
||||||
Teams Trial
|
Teams Trial
|
||||||
</button>
|
</button>
|
||||||
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
|
<button class="btn btn-secondary me-2" type="button" id="enterprise-trial">
|
||||||
Enterprise Trial
|
Enterprise Trial
|
||||||
</button>
|
</button>
|
||||||
}
|
}
|
||||||
@if (canUnlinkFromProvider && Model.Provider is not null)
|
@if (canUnlinkFromProvider && Model.Provider is not null)
|
||||||
{
|
{
|
||||||
<button class="btn btn-outline-danger mr-2"
|
<button class="btn btn-outline-danger me-2"
|
||||||
onclick="return unlinkProvider('@Model.Organization.Id');">
|
onclick="return unlinkProvider('@Model.Organization.Id');">
|
||||||
Unlink provider
|
Unlink provider
|
||||||
</button>
|
</button>
|
||||||
@ -124,7 +124,7 @@
|
|||||||
{
|
{
|
||||||
<form asp-action="DeleteInitiation" asp-route-id="@Model.Organization.Id" id="initiate-delete-form">
|
<form asp-action="DeleteInitiation" asp-route-id="@Model.Organization.Id" id="initiate-delete-form">
|
||||||
<input type="hidden" name="AdminEmail" id="AdminEmail" />
|
<input type="hidden" name="AdminEmail" id="AdminEmail" />
|
||||||
<button class="btn btn-danger mr-2" type="submit">Request Delete</button>
|
<button class="btn btn-danger me-2" type="submit">Request Delete</button>
|
||||||
</form>
|
</form>
|
||||||
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
|
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
|
||||||
onsubmit="return confirm('Are you sure you want to hard delete this organization?')">
|
onsubmit="return confirm('Are you sure you want to hard delete this organization?')">
|
||||||
|
@ -5,21 +5,31 @@
|
|||||||
|
|
||||||
<h1>Organizations</h1>
|
<h1>Organizations</h1>
|
||||||
|
|
||||||
<form class="form-inline mb-2" method="get">
|
<form class="row row-cols-lg-auto g-3 align-items-center mb-2" method="get">
|
||||||
<label class="sr-only" asp-for="Name">Name</label>
|
<div class="col-12">
|
||||||
<input type="text" class="form-control mb-2 mr-2" placeholder="Name" asp-for="Name" name="name">
|
<label class="visually-hidden" asp-for="Name">Name</label>
|
||||||
<label class="sr-only" asp-for="UserEmail">User email</label>
|
<input type="text" class="form-control" placeholder="Name" asp-for="Name" name="name">
|
||||||
<input type="text" class="form-control mb-2 mr-2" placeholder="User email" asp-for="UserEmail" name="userEmail">
|
</div>
|
||||||
|
<div class="col-12">
|
||||||
|
<label class="visually-hidden" asp-for="UserEmail">User email</label>
|
||||||
|
<input type="text" class="form-control" placeholder="User email" asp-for="UserEmail" name="userEmail">
|
||||||
|
</div>
|
||||||
@if(!Model.SelfHosted)
|
@if(!Model.SelfHosted)
|
||||||
{
|
{
|
||||||
<label class="sr-only" asp-for="Paid">Customer</label>
|
<div class="col-12">
|
||||||
<select class="form-control mb-2 mr-2" asp-for="Paid" name="paid">
|
<label class="visually-hidden" asp-for="Paid">Customer</label>
|
||||||
|
<select class="form-select" asp-for="Paid" name="paid">
|
||||||
<option asp-selected="!Model.Paid.HasValue" value="">-- Customer --</option>
|
<option asp-selected="!Model.Paid.HasValue" value="">-- Customer --</option>
|
||||||
<option asp-selected="Model.Paid.GetValueOrDefault(false)" value="true">Paid</option>
|
<option asp-selected="Model.Paid.GetValueOrDefault(false)" value="true">Paid</option>
|
||||||
<option asp-selected="!Model.Paid.GetValueOrDefault(true)" value="false">Freeloader</option>
|
<option asp-selected="!Model.Paid.GetValueOrDefault(true)" value="false">Freeloader</option>
|
||||||
</select>
|
</select>
|
||||||
|
</div>
|
||||||
}
|
}
|
||||||
<button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
|
<div class="col-12">
|
||||||
|
<button type="submit" class="btn btn-primary" title="Search">
|
||||||
|
<i class="fa fa-search"></i> Search
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<div class="table-responsive">
|
<div class="table-responsive">
|
||||||
@ -68,7 +78,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-smile-o fa-lg fa-fw text-muted" title="Freeloader"></i>
|
<i class="fa fa-smile-o fa-lg fa-fw text-body-secondary" title="Freeloader"></i>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@if(org.MaxStorageGb.HasValue && org.MaxStorageGb > 1)
|
@if(org.MaxStorageGb.HasValue && org.MaxStorageGb > 1)
|
||||||
@ -78,7 +88,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-plus-square-o fa-lg fa-fw text-muted"
|
<i class="fa fa-plus-square-o fa-lg fa-fw text-body-secondary"
|
||||||
title="No Additional Storage"></i>
|
title="No Additional Storage"></i>
|
||||||
}
|
}
|
||||||
@if(org.Enabled)
|
@if(org.Enabled)
|
||||||
@ -88,7 +98,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-times-circle-o fa-lg fa-fw text-muted" title="Disabled"></i>
|
<i class="fa fa-times-circle-o fa-lg fa-fw text-body-secondary" title="Disabled"></i>
|
||||||
}
|
}
|
||||||
@if(org.TwoFactorIsEnabled())
|
@if(org.TwoFactorIsEnabled())
|
||||||
{
|
{
|
||||||
@ -96,7 +106,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-unlock fa-lg fa-fw text-muted" title="2FA Not Enabled"></i>
|
<i class="fa fa-unlock fa-lg fa-fw text-body-secondary" title="2FA Not Enabled"></i>
|
||||||
}
|
}
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
@ -9,12 +9,18 @@
|
|||||||
<h1>Add Existing Organization</h1>
|
<h1>Add Existing Organization</h1>
|
||||||
<div class="row mb-2">
|
<div class="row mb-2">
|
||||||
<div class="col">
|
<div class="col">
|
||||||
<form class="form-inline mb-2" method="get" asp-route-id="@providerId">
|
<form class="row g-3 align-items-center mb-2" method="get" asp-route-id="@providerId">
|
||||||
<label class="sr-only" asp-for="OrganizationName"></label>
|
<div class="col">
|
||||||
<input type="text" class="form-control mb-2 mr-2 flex-fill" placeholder="@Html.DisplayNameFor(m => m.OrganizationName)" asp-for="OrganizationName" name="name">
|
<label class="visually-hidden" asp-for="OrganizationName"></label>
|
||||||
<label class="sr-only" asp-for="OrganizationOwnerEmail"></label>
|
<input type="text" class="form-control" placeholder="@Html.DisplayNameFor(m => m.OrganizationName)" asp-for="OrganizationName" name="name">
|
||||||
<input type="email" class="form-control mb-2 mr-2 flex-fill" placeholder="@Html.DisplayNameFor(m => m.OrganizationOwnerEmail)" asp-for="OrganizationOwnerEmail" name="ownerEmail">
|
</div>
|
||||||
<button type="submit" class="btn btn-primary mb-2" title="Search" formmethod="get"><i class="fa fa-search"></i> Search</button>
|
<div class="col">
|
||||||
|
<label class="visually-hidden" asp-for="OrganizationOwnerEmail"></label>
|
||||||
|
<input type="email" class="form-control" placeholder="@Html.DisplayNameFor(m => m.OrganizationOwnerEmail)" asp-for="OrganizationOwnerEmail" name="ownerEmail">
|
||||||
|
</div>
|
||||||
|
<div class="col-auto">
|
||||||
|
<button type="submit" class="btn btn-primary" title="Search" formmethod="get"><i class="fa fa-search"></i> Search</button>
|
||||||
|
</div>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -22,23 +22,23 @@
|
|||||||
<h1>Create Provider</h1>
|
<h1>Create Provider</h1>
|
||||||
<form method="post" asp-action="Create">
|
<form method="post" asp-action="Create">
|
||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Type" class="h2"></label>
|
<label asp-for="Type" class="form-label h2"></label>
|
||||||
@foreach (var providerType in providerTypes)
|
@foreach (var providerType in providerTypes)
|
||||||
{
|
{
|
||||||
var providerTypeValue = (int)providerType;
|
var providerTypeValue = (int)providerType;
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col">
|
<div class="col">
|
||||||
<div class="form-check">
|
<div class="form-check">
|
||||||
@Html.RadioButtonFor(m => m.Type, providerType, new { id = $"providerType-{providerTypeValue}", @class = "form-check-input" })
|
@Html.RadioButtonFor(m => m.Type, providerType, new { id = $"providerType-{providerTypeValue}", @class = "form-check-input" })
|
||||||
@Html.LabelFor(m => m.Type, providerType.GetDisplayAttribute()?.GetName(), new { @class = "form-check-label align-middle", @for = $"providerType-{providerTypeValue}" })
|
@Html.LabelFor(m => m.Type, providerType.GetDisplayAttribute()?.GetName(), new { @class = "form-check-label", @for = $"providerType-{providerTypeValue}" })
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col">
|
<div class="col">
|
||||||
@Html.LabelFor(m => m.Type, providerType.GetDisplayAttribute()?.GetDescription(), new { @class = "form-check-label small text-muted align-top", @for = $"providerType-{providerTypeValue}" })
|
@Html.LabelFor(m => m.Type, providerType.GetDisplayAttribute()?.GetDescription(), new { @class = "form-check-label small text-body-secondary ps-4", @for = $"providerType-{providerTypeValue}" })
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -6,22 +6,22 @@
|
|||||||
|
|
||||||
<h1>Create Managed Service Provider</h1>
|
<h1>Create Managed Service Provider</h1>
|
||||||
<div>
|
<div>
|
||||||
<form class="form-group" method="post" asp-action="CreateMsp">
|
<form method="post" asp-action="CreateMsp">
|
||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="OwnerEmail"></label>
|
<label asp-for="OwnerEmail" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="OwnerEmail">
|
<input type="text" class="form-control" asp-for="OwnerEmail">
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="TeamsMonthlySeatMinimum"></label>
|
<label asp-for="TeamsMonthlySeatMinimum" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="TeamsMonthlySeatMinimum">
|
<input type="number" class="form-control" asp-for="TeamsMonthlySeatMinimum">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="EnterpriseMonthlySeatMinimum"></label>
|
<label asp-for="EnterpriseMonthlySeatMinimum" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="EnterpriseMonthlySeatMinimum">
|
<input type="number" class="form-control" asp-for="EnterpriseMonthlySeatMinimum">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -7,17 +7,17 @@
|
|||||||
ViewData["Title"] = "Create Multi-organization Enterprise Provider";
|
ViewData["Title"] = "Create Multi-organization Enterprise Provider";
|
||||||
}
|
}
|
||||||
|
|
||||||
<h1>Create Multi-organization Enterprise Provider</h1>
|
<h1 class="mb-4">Create Multi-organization Enterprise Provider</h1>
|
||||||
<div>
|
<div>
|
||||||
<form class="form-group" method="post" asp-action="CreateMultiOrganizationEnterprise">
|
<form method="post" asp-action="CreateMultiOrganizationEnterprise">
|
||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="OwnerEmail"></label>
|
<label asp-for="OwnerEmail" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="OwnerEmail">
|
<input type="text" class="form-control" asp-for="OwnerEmail">
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
@{
|
@{
|
||||||
var multiOrgPlans = new List<PlanType>
|
var multiOrgPlans = new List<PlanType>
|
||||||
{
|
{
|
||||||
@ -25,19 +25,19 @@
|
|||||||
PlanType.EnterpriseMonthly
|
PlanType.EnterpriseMonthly
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
<label asp-for="Plan"></label>
|
<label asp-for="Plan" class="form-label"></label>
|
||||||
<select class="form-control" asp-for="Plan" asp-items="Html.GetEnumSelectList(multiOrgPlans)">
|
<select class="form-select" asp-for="Plan" asp-items="Html.GetEnumSelectList(multiOrgPlans)">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="EnterpriseSeatMinimum"></label>
|
<label asp-for="EnterpriseSeatMinimum" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="EnterpriseSeatMinimum">
|
<input type="number" class="form-control" asp-for="EnterpriseSeatMinimum">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<button type="submit" class="btn btn-primary mb-2">Create Provider</button>
|
<button type="submit" class="btn btn-primary">Create Provider</button>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
@await Html.PartialAsync("~/AdminConsole/Views/Shared/_OrganizationForm.cshtml", Model)
|
@await Html.PartialAsync("~/AdminConsole/Views/Shared/_OrganizationForm.cshtml", Model)
|
||||||
<div class="d-flex mt-4">
|
<div class="d-flex mt-4">
|
||||||
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
||||||
<div class="ml-auto d-flex">
|
<div class="ms-auto d-flex">
|
||||||
<form asp-controller="Providers" asp-action="Edit" asp-route-id="@Model.Provider.Id"
|
<form asp-controller="Providers" asp-action="Edit" asp-route-id="@Model.Provider.Id"
|
||||||
onsubmit="return confirm('Are you sure you want to cancel?')">
|
onsubmit="return confirm('Are you sure you want to cancel?')">
|
||||||
<button class="btn btn-outline-secondary" type="submit">Cancel</button>
|
<button class="btn btn-outline-secondary" type="submit">Cancel</button>
|
||||||
|
@ -6,18 +6,18 @@
|
|||||||
|
|
||||||
<h1>Create Reseller Provider</h1>
|
<h1>Create Reseller Provider</h1>
|
||||||
<div>
|
<div>
|
||||||
<form class="form-group" method="post" asp-action="CreateReseller">
|
<form class="mb-3" method="post" asp-action="CreateReseller">
|
||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Name"></label>
|
<label asp-for="Name" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="Name">
|
<input type="text" class="form-control" asp-for="Name">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="BusinessName"></label>
|
<label asp-for="BusinessName" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="BusinessName">
|
<input type="text" class="form-control" asp-for="BusinessName">
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="BillingEmail"></label>
|
<label asp-for="BillingEmail" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="BillingEmail">
|
<input type="text" class="form-control" asp-for="BillingEmail">
|
||||||
</div>
|
</div>
|
||||||
<button type="submit" class="btn btn-primary mb-2">Create Provider</button>
|
<button type="submit" class="btn btn-primary mb-2">Create Provider</button>
|
||||||
|
@ -34,16 +34,16 @@
|
|||||||
<h2>Billing</h2>
|
<h2>Billing</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="BillingEmail"></label>
|
<label asp-for="BillingEmail" class="form-label"></label>
|
||||||
<input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEdit)'>
|
<input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEdit)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="BillingPhone"></label>
|
<label asp-for="BillingPhone" class="form-label"></label>
|
||||||
<input type="tel" class="form-control" asp-for="BillingPhone">
|
<input type="tel" class="form-control" asp-for="BillingPhone">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -56,14 +56,14 @@
|
|||||||
{
|
{
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="TeamsMonthlySeatMinimum"></label>
|
<label asp-for="TeamsMonthlySeatMinimum" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="TeamsMonthlySeatMinimum">
|
<input type="number" class="form-control" asp-for="TeamsMonthlySeatMinimum">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="EnterpriseMonthlySeatMinimum"></label>
|
<label asp-for="EnterpriseMonthlySeatMinimum" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="EnterpriseMonthlySeatMinimum">
|
<input type="number" class="form-control" asp-for="EnterpriseMonthlySeatMinimum">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -76,7 +76,7 @@
|
|||||||
{
|
{
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
@{
|
@{
|
||||||
var multiOrgPlans = new List<PlanType>
|
var multiOrgPlans = new List<PlanType>
|
||||||
{
|
{
|
||||||
@ -84,15 +84,15 @@
|
|||||||
PlanType.EnterpriseMonthly
|
PlanType.EnterpriseMonthly
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
<label asp-for="Plan"></label>
|
<label asp-for="Plan" class="form-label"></label>
|
||||||
<select class="form-control" asp-for="Plan" asp-items="Html.GetEnumSelectList(multiOrgPlans)">
|
<select class="form-control" asp-for="Plan" asp-items="Html.GetEnumSelectList(multiOrgPlans)">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="EnterpriseMinimumSeats"></label>
|
<label asp-for="EnterpriseMinimumSeats" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="EnterpriseMinimumSeats">
|
<input type="number" class="form-control" asp-for="EnterpriseMinimumSeats">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -103,40 +103,34 @@
|
|||||||
}
|
}
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<div class="form-group">
|
<label asp-for="Gateway" class="form-label"></label>
|
||||||
<label asp-for="Gateway"></label>
|
|
||||||
<select class="form-control" asp-for="Gateway" asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
<select class="form-control" asp-for="Gateway" asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewayCustomerId"></label>
|
<label asp-for="GatewayCustomerId" class="form-label"></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control" asp-for="GatewayCustomerId">
|
<input type="text" class="form-control" asp-for="GatewayCustomerId">
|
||||||
<div class="input-group-append">
|
<button class="btn btn-secondary" type="button" onclick="window.open('@Model.GatewayCustomerUrl', '_blank')">
|
||||||
<a href="@Model.GatewayCustomerUrl" class="btn btn-secondary" target="_blank">
|
|
||||||
<i class="fa fa-external-link"></i>
|
<i class="fa fa-external-link"></i>
|
||||||
</a>
|
</button>
|
||||||
</div>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewaySubscriptionId"></label>
|
<label asp-for="GatewaySubscriptionId" class="form-label"></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control" asp-for="GatewaySubscriptionId">
|
<input type="text" class="form-control" asp-for="GatewaySubscriptionId">
|
||||||
<div class="input-group-append">
|
<button class="btn btn-secondary" type="button" onclick="window.open('@Model.GatewaySubscriptionUrl', '_blank')">
|
||||||
<a href="@Model.GatewaySubscriptionUrl" class="btn btn-secondary" target="_blank">
|
|
||||||
<i class="fa fa-external-link"></i>
|
<i class="fa fa-external-link"></i>
|
||||||
</a>
|
</button>
|
||||||
</div>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -151,21 +145,21 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content rounded">
|
<div class="modal-content rounded">
|
||||||
<div class="p-3">
|
<div class="p-3">
|
||||||
<h4 class="font-weight-bolder" id="exampleModalLabel">Request provider deletion</h4>
|
<h4 class="fw-bolder" id="exampleModalLabel">Request provider deletion</h4>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<span class="font-weight-light">
|
<span class="fw-light">
|
||||||
Enter the email of the provider admin that will receive the request to delete the provider portal.
|
Enter the email of the provider admin that will receive the request to delete the provider portal.
|
||||||
</span>
|
</span>
|
||||||
<form>
|
<form>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label for="provider-email" class="col-form-label">Provider email</label>
|
<label for="provider-email" class="col-form-label">Provider email</label>
|
||||||
<input type="email" class="form-control" id="provider-email">
|
<input type="email" class="form-control" id="provider-email">
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-footer">
|
<div class="modal-footer">
|
||||||
<button type="button" class="btn btn-outline-primary btn-pill" data-dismiss="modal">Cancel</button>
|
<button type="button" class="btn btn-outline-primary btn-pill" data-bs-dismiss="modal">Cancel</button>
|
||||||
<button type="button" class="btn btn-danger btn-pill" onclick="initiateDeleteProvider('@Model.Provider.Id')">Send email request</button>
|
<button type="button" class="btn btn-danger btn-pill" onclick="initiateDeleteProvider('@Model.Provider.Id')">Send email request</button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -175,21 +169,21 @@
|
|||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<div class="modal-content rounded">
|
<div class="modal-content rounded">
|
||||||
<div class="p-3">
|
<div class="p-3">
|
||||||
<h4 class="font-weight-bolder" id="exampleModalLabel">Delete provider</h4>
|
<h4 class="fw-bolder" id="exampleModalLabel">Delete provider</h4>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<span class="font-weight-light">
|
<span class="fw-light">
|
||||||
This action is permanent and irreversible. Enter the provider name to complete deletion of the provider and associated data.
|
This action is permanent and irreversible. Enter the provider name to complete deletion of the provider and associated data.
|
||||||
</span>
|
</span>
|
||||||
<form>
|
<form>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label for="provider-name" class="col-form-label">Provider name</label>
|
<label for="provider-name" class="col-form-label">Provider name</label>
|
||||||
<input type="text" class="form-control" id="provider-name">
|
<input type="text" class="form-control" id="provider-name">
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-footer">
|
<div class="modal-footer">
|
||||||
<button type="button" class="btn btn-outline-primary btn-pill" data-dismiss="modal">Cancel</button>
|
<button type="button" class="btn btn-outline-primary btn-pill" data-bs-dismiss="modal">Cancel</button>
|
||||||
<button type="button" class="btn btn-danger btn-pill" onclick="deleteProvider('@Model.Provider.Id');">Delete provider</button>
|
<button type="button" class="btn btn-danger btn-pill" onclick="deleteProvider('@Model.Provider.Id');">Delete provider</button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -199,12 +193,12 @@
|
|||||||
<div class="modal-dialog" role="document">
|
<div class="modal-dialog" role="document">
|
||||||
<div class="modal-content rounded">
|
<div class="modal-content rounded">
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<h4 class="font-weight-bolder">Cannot Delete @Model.Name</h4>
|
<h4 class="fw-bolder">Cannot Delete @Model.Name</h4>
|
||||||
<p class="font-weight-lighter">You must unlink all clients before you can delete @Model.Name.</p>
|
<p class="fw-lighter">You must unlink all clients before you can delete @Model.Name.</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-footer">
|
<div class="modal-footer">
|
||||||
<button type="button" class="btn btn-outline-primary btn-pill" data-dismiss="modal">Cancel</button>
|
<button type="button" class="btn btn-outline-primary btn-pill" data-bs-dismiss="modal">Cancel</button>
|
||||||
<button type="button" class="btn btn-primary btn-pill" data-dismiss="modal">Ok</button>
|
<button type="button" class="btn btn-primary btn-pill" data-bs-dismiss="modal">Ok</button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -214,15 +208,14 @@
|
|||||||
|
|
||||||
<div class="d-flex mt-4">
|
<div class="d-flex mt-4">
|
||||||
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
||||||
<div class="ml-auto d-flex">
|
<div class="ms-auto d-flex">
|
||||||
<button class="btn btn-danger" onclick="openRequestDeleteModal(@Model.ProviderOrganizations.Count())">Request Delete</button>
|
<button class="btn btn-danger" onclick="openRequestDeleteModal(@Model.ProviderOrganizations.Count())">Request Delete</button>
|
||||||
<button id="requestDeletionBtn" hidden="hidden" data-toggle="modal" data-target="#requestDeletionModal"></button>
|
<button id="requestDeletionBtn" hidden="hidden" data-bs-toggle="modal" data-bs-target="#requestDeletionModal"></button>
|
||||||
|
|
||||||
<button class="btn btn-outline-danger ml-2" onclick="openDeleteModal(@Model.ProviderOrganizations.Count())">Delete</button>
|
<button class="btn btn-outline-danger ms-2" onclick="openDeleteModal(@Model.ProviderOrganizations.Count())">Delete</button>
|
||||||
<button id="deleteBtn" hidden="hidden" data-toggle="modal" data-target="#DeleteModal"></button>
|
<button id="deleteBtn" hidden="hidden" data-bs-toggle="modal" data-bs-target="#DeleteModal"></button>
|
||||||
|
|
||||||
<button id="linkAccWarningBtn" hidden="hidden" data-toggle="modal" data-target="#linkedWarningModal"></button>
|
|
||||||
|
|
||||||
|
<button id="linkAccWarningBtn" hidden="hidden" data-bs-toggle="modal" data-bs-target="#linkedWarningModal"></button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
}
|
}
|
||||||
|
@ -11,23 +11,27 @@
|
|||||||
|
|
||||||
<h1>Providers</h1>
|
<h1>Providers</h1>
|
||||||
|
|
||||||
<div class="row mb-2">
|
<form class="row row-cols-lg-auto g-3 align-items-center mb-2" method="get">
|
||||||
<div class="col">
|
<div class="col-12">
|
||||||
<form class="form-inline mb-2" method="get">
|
<label class="visually-hidden" asp-for="Name">Name</label>
|
||||||
<label class="sr-only" asp-for="Name">Name</label>
|
<input type="text" class="form-control" placeholder="Name" asp-for="Name" name="name">
|
||||||
<input type="text" class="form-control mb-2 mr-2" placeholder="Name" asp-for="Name" name="name">
|
</div>
|
||||||
<label class="sr-only" asp-for="UserEmail">User email</label>
|
<div class="col-12">
|
||||||
<input type="text" class="form-control mb-2 mr-2" placeholder="User email" asp-for="UserEmail" name="userEmail">
|
<label class="visually-hidden" asp-for="UserEmail">User email</label>
|
||||||
<button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
|
<input type="text" class="form-control" placeholder="User email" asp-for="UserEmail" name="userEmail">
|
||||||
</form>
|
</div>
|
||||||
|
<div class="col-12">
|
||||||
|
<button type="submit" class="btn btn-primary" title="Search">
|
||||||
|
<i class="fa fa-search"></i> Search
|
||||||
|
</button>
|
||||||
</div>
|
</div>
|
||||||
@if (canCreateProvider)
|
@if (canCreateProvider)
|
||||||
{
|
{
|
||||||
<div class="col-auto">
|
<div class="col-auto ms-auto">
|
||||||
<a asp-action="Create" class="btn btn-secondary">Create Provider</a>
|
<a asp-action="Create" class="btn btn-secondary">Create Provider</a>
|
||||||
</div>
|
</div>
|
||||||
}
|
}
|
||||||
</div>
|
</form>
|
||||||
|
|
||||||
<div class="table-responsive">
|
<div class="table-responsive">
|
||||||
<table class="table table-striped table-hover">
|
<table class="table table-striped table-hover">
|
||||||
|
@ -24,9 +24,9 @@
|
|||||||
<th>
|
<th>
|
||||||
@if (Model.Provider.Type == ProviderType.Reseller)
|
@if (Model.Provider.Type == ProviderType.Reseller)
|
||||||
{
|
{
|
||||||
<div class="float-right text-nowrap">
|
<div class="float-end text-nowrap">
|
||||||
<a asp-controller="Providers" asp-action="CreateOrganization" asp-route-providerId="@Model.Provider.Id" class="btn btn-sm btn-primary">New Organization</a>
|
<a asp-controller="Providers" asp-action="CreateOrganization" asp-route-providerId="@Model.Provider.Id" class="btn btn-sm btn-primary text-decoration-none">New Organization</a>
|
||||||
<a asp-controller="Providers" asp-action="AddExistingOrganization" asp-route-id="@Model.Provider.Id" class="btn btn-sm btn-outline-primary">Add Existing Organization</a>
|
<a asp-controller="Providers" asp-action="AddExistingOrganization" asp-route-id="@Model.Provider.Id" class="btn btn-sm btn-outline-primary text-decoration-none">Add Existing Organization</a>
|
||||||
</div>
|
</div>
|
||||||
}
|
}
|
||||||
</th>
|
</th>
|
||||||
@ -51,16 +51,16 @@
|
|||||||
@providerOrganization.Status
|
@providerOrganization.Status
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<div class="float-right">
|
<div class="float-end">
|
||||||
@if (canUnlinkFromProvider)
|
@if (canUnlinkFromProvider)
|
||||||
{
|
{
|
||||||
<a href="#" class="text-danger float-right" onclick="return unlinkProvider('@Model.Provider.Id', '@providerOrganization.Id');">
|
<a href="#" class="text-danger float-end" onclick="return unlinkProvider('@Model.Provider.Id', '@providerOrganization.Id');">
|
||||||
Unlink provider
|
Unlink provider
|
||||||
</a>
|
</a>
|
||||||
}
|
}
|
||||||
@if (providerOrganization.Status == OrganizationStatusType.Pending)
|
@if (providerOrganization.Status == OrganizationStatusType.Pending)
|
||||||
{
|
{
|
||||||
<a href="#" class="float-right mr-3" onclick="return resendOwnerInvite('@providerOrganization.OrganizationId');">
|
<a href="#" class="float-end me-3" onclick="return resendOwnerInvite('@providerOrganization.OrganizationId');">
|
||||||
Resend invitation
|
Resend invitation
|
||||||
</a>
|
</a>
|
||||||
}
|
}
|
||||||
|
@ -26,8 +26,8 @@
|
|||||||
<h2>General</h2>
|
<h2>General</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Name"></label>
|
<label class="form-label" asp-for="Name"></label>
|
||||||
<input type="text" class="form-control" asp-for="Name" value="@Model.Name" required>
|
<input type="text" class="form-control" asp-for="Name" value="@Model.Name" required>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -37,17 +37,17 @@
|
|||||||
{
|
{
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label>Client Owner Email</label>
|
<label class="form-label">Client Owner Email</label>
|
||||||
@if (!string.IsNullOrWhiteSpace(Model.Owners))
|
@if (!string.IsNullOrWhiteSpace(Model.Owners))
|
||||||
{
|
{
|
||||||
<input type="text" class="form-control" asp-for="Owners" readonly="readonly">
|
<input type="text" class="form-control" asp-for="Owners" readonly>
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<input type="text" class="form-control" asp-for="Owners" required>
|
<input type="text" class="form-control" asp-for="Owners" required>
|
||||||
}
|
}
|
||||||
<label class="form-check-label small text-muted align-top">This user should be independent of the Provider. If the Provider is disassociated with the organization, this user will maintain ownership of the organization.</label>
|
<div class="form-text mt-0">This user should be independent of the Provider. If the Provider is disassociated with the organization, this user will maintain ownership of the organization.</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -66,8 +66,8 @@
|
|||||||
<h2>Plan</h2>
|
<h2>Plan</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="PlanType"></label>
|
<label class="form-label" asp-for="PlanType"></label>
|
||||||
@{
|
@{
|
||||||
var planTypes = Enum.GetValues<PlanType>()
|
var planTypes = Enum.GetValues<PlanType>()
|
||||||
.Where(p =>
|
.Where(p =>
|
||||||
@ -83,12 +83,12 @@
|
|||||||
})
|
})
|
||||||
.ToList();
|
.ToList();
|
||||||
}
|
}
|
||||||
<select class="form-control" asp-for="PlanType" asp-items="planTypes" disabled='@(canEditPlan ? null : "disabled")'></select>
|
<select class="form-select" asp-for="PlanType" asp-items="planTypes" disabled='@(canEditPlan ? null : "disabled")'></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Plan"></label>
|
<label class="form-label" asp-for="Plan"></label>
|
||||||
<input type="text" class="form-control" asp-for="Plan" required readonly='@(!canEditPlan)'>
|
<input type="text" class="form-control" asp-for="Plan" required readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -172,28 +172,28 @@
|
|||||||
<h2>Password Manager Configuration</h2>
|
<h2>Password Manager Configuration</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Seats"></label>
|
<label class="form-label" asp-for="Seats"></label>
|
||||||
<input type="number" class="form-control" asp-for="Seats" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="Seats" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="MaxCollections"></label>
|
<label class="form-label" asp-for="MaxCollections"></label>
|
||||||
<input type="number" class="form-control" asp-for="MaxCollections" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="MaxCollections" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="MaxStorageGb"></label>
|
<label class="form-label" asp-for="MaxStorageGb"></label>
|
||||||
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-4">
|
<div class="col-4">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="MaxAutoscaleSeats"></label>
|
<label class="form-label" asp-for="MaxAutoscaleSeats"></label>
|
||||||
<input type="number" class="form-control" asp-for="MaxAutoscaleSeats" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="MaxAutoscaleSeats" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -202,32 +202,32 @@
|
|||||||
|
|
||||||
@if (canViewPlan)
|
@if (canViewPlan)
|
||||||
{
|
{
|
||||||
<div id="organization-secrets-configuration" hidden="@(!Model.UseSecretsManager)">
|
<div id="organization-secrets-configuration" @(Model.UseSecretsManager ? null : "lass='d-none'")>
|
||||||
<h2>Secrets Manager Configuration</h2>
|
<h2>Secrets Manager Configuration</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="SmSeats"></label>
|
<label class="form-label" asp-for="SmSeats"></label>
|
||||||
<input type="number" class="form-control" asp-for="SmSeats" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="SmSeats" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="MaxAutoscaleSmSeats"></label>
|
<label class="form-label" asp-for="MaxAutoscaleSmSeats"></label>
|
||||||
<input type="number" class="form-control" asp-for="MaxAutoscaleSmSeats" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="MaxAutoscaleSmSeats" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="SmServiceAccounts"></label>
|
<label class="form-label" asp-for="SmServiceAccounts"></label>
|
||||||
<input type="number" class="form-control" asp-for="SmServiceAccounts" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="SmServiceAccounts" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-4">
|
<div class="col-4">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="MaxAutoscaleSmServiceAccounts"></label>
|
<label class="form-label" asp-for="MaxAutoscaleSmServiceAccounts"></label>
|
||||||
<input type="number" class="form-control" asp-for="MaxAutoscaleSmServiceAccounts" min="1" readonly='@(!canEditPlan)'>
|
<input type="number" class="form-control" asp-for="MaxAutoscaleSmServiceAccounts" min="1" readonly='@(!canEditPlan)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -240,14 +240,14 @@
|
|||||||
<h2>Licensing</h2>
|
<h2>Licensing</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="LicenseKey"></label>
|
<label class="form-label" asp-for="LicenseKey"></label>
|
||||||
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
|
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="ExpirationDate"></label>
|
<label class="form-label" asp-for="ExpirationDate"></label>
|
||||||
<input type="datetime-local" class="form-control" asp-for="ExpirationDate" readonly='@(!canEditLicensing)' step="1">
|
<input type="datetime-local" class="form-control" asp-for="ExpirationDate" readonly='@(!canEditLicensing)' step="1">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -259,52 +259,46 @@
|
|||||||
<h2>Billing</h2>
|
<h2>Billing</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="BillingEmail"></label>
|
<label class="form-label" asp-for="BillingEmail"></label>
|
||||||
<input type="email" class="form-control" asp-for="BillingEmail" readonly="readonly">
|
<input type="email" class="form-control" asp-for="BillingEmail" readonly="readonly">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<div class="form-group">
|
<label class="form-label" asp-for="Gateway"></label>
|
||||||
<label asp-for="Gateway"></label>
|
<select class="form-select" asp-for="Gateway" disabled="@(!canEditBilling)"
|
||||||
<select class="form-control" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
|
|
||||||
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewayCustomerId"></label>
|
<label class="form-label" asp-for="GatewayCustomerId"></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
|
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
|
||||||
@if(canLaunchGateway)
|
@if(canLaunchGateway)
|
||||||
{
|
{
|
||||||
<div class="input-group-append">
|
|
||||||
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
|
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
|
||||||
<i class="fa fa-external-link"></i>
|
<i class="fa fa-external-link"></i>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
|
||||||
}
|
}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewaySubscriptionId"></label>
|
<label class="form-label" asp-for="GatewaySubscriptionId"></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
|
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
|
||||||
@if (canLaunchGateway)
|
@if (canLaunchGateway)
|
||||||
{
|
{
|
||||||
<div class="input-group-append">
|
|
||||||
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
|
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
|
||||||
<i class="fa fa-external-link"></i>
|
<i class="fa fa-external-link"></i>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
|
||||||
}
|
}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
ViewData["Title"] = "Login";
|
ViewData["Title"] = "Login";
|
||||||
}
|
}
|
||||||
|
|
||||||
<div class="row justify-content-md-center">
|
<div class="row justify-content-center">
|
||||||
<div class="col col-lg-6 col-md-8">
|
<div class="col-lg-6 col-md-8">
|
||||||
@if(!string.IsNullOrWhiteSpace(Model.Success))
|
@if(!string.IsNullOrWhiteSpace(Model.Success))
|
||||||
{
|
{
|
||||||
<div class="alert alert-success" role="alert">@Model.Success</div>
|
<div class="alert alert-success" role="alert">@Model.Success</div>
|
||||||
@ -19,12 +19,12 @@
|
|||||||
<form asp-action="" method="post">
|
<form asp-action="" method="post">
|
||||||
<input type="hidden" asp-for="ReturnUrl" />
|
<input type="hidden" asp-for="ReturnUrl" />
|
||||||
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
|
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Email" class="sr-only">Email Address</label>
|
<label asp-for="Email" class="visually-hidden">Email Address</label>
|
||||||
<input asp-for="Email" type="email" class="form-control" placeholder="ex. john@example.com"
|
<input asp-for="Email" type="email" class="form-control" placeholder="ex. john@example.com"
|
||||||
required autofocus>
|
required autofocus>
|
||||||
<span asp-validation-for="Email" class="invalid-feedback"></span>
|
<span asp-validation-for="Email" class="invalid-feedback"></span>
|
||||||
<small class="form-text text-muted">We'll email you a secure login link.</small>
|
<div class="form-text">We'll email you a secure login link.</div>
|
||||||
</div>
|
</div>
|
||||||
<button class="btn btn-primary" type="submit">Continue</button>
|
<button class="btn btn-primary" type="submit">Continue</button>
|
||||||
</form>
|
</form>
|
||||||
|
@ -25,22 +25,22 @@ bf82d3cf-0e21-4f39-b81b-ef52b2fc6a3a
|
|||||||
</div>
|
</div>
|
||||||
<form method="post" asp-controller="MigrateProviders" asp-action="Post" class="mt-2">
|
<form method="post" asp-controller="MigrateProviders" asp-action="Post" class="mt-2">
|
||||||
<div asp-validation-summary="All" class="text-danger"></div>
|
<div asp-validation-summary="All" class="text-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="ProviderIds"></label>
|
<label class="form-label" asp-for="ProviderIds"></label>
|
||||||
<textarea rows="10" class="form-control" type="text" asp-for="ProviderIds"></textarea>
|
<textarea rows="10" class="form-control" type="text" asp-for="ProviderIds"></textarea>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<input type="submit" value="Run" class="btn btn-primary mb-2"/>
|
<input type="submit" value="Run" class="btn btn-primary"/>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
<form method="get" asp-controller="MigrateProviders" asp-action="Results" class="mt-2">
|
<form method="get" asp-controller="MigrateProviders" asp-action="Results" class="mt-2">
|
||||||
<div asp-validation-summary="All" class="text-danger"></div>
|
<div asp-validation-summary="All" class="text-danger"></div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="ProviderIds"></label>
|
<label class="form-label" asp-for="ProviderIds"></label>
|
||||||
<textarea rows="10" class="form-control" type="text" asp-for="ProviderIds"></textarea>
|
<textarea rows="10" class="form-control" type="text" asp-for="ProviderIds"></textarea>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<input type="submit" value="See Previous Results" class="btn btn-primary mb-2"/>
|
<input type="submit" value="See Previous Results" class="btn btn-primary"/>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
</section>
|
</section>
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
@import "webfonts.scss";
|
@import "webfonts.scss";
|
||||||
|
@import "bootstrap/scss/functions";
|
||||||
|
@import "bootstrap/scss/variables";
|
||||||
|
@import "bootstrap/scss/mixins";
|
||||||
|
|
||||||
$primary: #175DDC;
|
$primary: #175DDC;
|
||||||
$primary-accent: #1252A3;
|
$primary-accent: #1252A3;
|
||||||
@ -7,7 +10,8 @@ $info: #555555;
|
|||||||
$warning: #bf7e16;
|
$warning: #bf7e16;
|
||||||
$danger: #dd4b39;
|
$danger: #dd4b39;
|
||||||
|
|
||||||
$theme-colors: ( "primary-accent": $primary-accent );
|
$theme-colors: map-merge($theme-colors, ("primary-accent": $primary-accent));
|
||||||
|
|
||||||
$font-family-sans-serif: 'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';
|
$font-family-sans-serif: 'Open Sans','Helvetica Neue',Helvetica,Arial,sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol';
|
||||||
|
|
||||||
$h1-font-size: 2rem;
|
$h1-font-size: 2rem;
|
||||||
@ -17,7 +21,7 @@ $h4-font-size: 1rem;
|
|||||||
$h5-font-size: 1rem;
|
$h5-font-size: 1rem;
|
||||||
$h6-font-size: 1rem;
|
$h6-font-size: 1rem;
|
||||||
|
|
||||||
@import "bootstrap/scss/bootstrap.scss";
|
@import "bootstrap/scss/bootstrap";
|
||||||
|
|
||||||
h1 {
|
h1 {
|
||||||
border-bottom: 1px solid $border-color;
|
border-bottom: 1px solid $border-color;
|
||||||
@ -49,3 +53,11 @@ h3 {
|
|||||||
.form-check-input {
|
.form-check-input {
|
||||||
margin-top: .45rem;
|
margin-top: .45rem;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
a {
|
||||||
|
text-decoration: none;
|
||||||
|
|
||||||
|
&:hover {
|
||||||
|
text-decoration: underline;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -105,7 +105,7 @@
|
|||||||
<h3>SMTP</h3>
|
<h3>SMTP</h3>
|
||||||
@if(!Bit.Core.Utilities.CoreHelpers.SettingHasValue(Model.GlobalSettings.Mail?.Smtp?.Host))
|
@if(!Bit.Core.Utilities.CoreHelpers.SettingHasValue(Model.GlobalSettings.Mail?.Smtp?.Host))
|
||||||
{
|
{
|
||||||
<p class="text-muted">Not configured</p>
|
<p class="text-body-secondary">Not configured</p>
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -159,7 +159,7 @@ else
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<span class="text-muted">Not configured</span>
|
<span class="text-body-secondary">Not configured</span>
|
||||||
}
|
}
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
@ -171,7 +171,7 @@ else
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<span class="text-muted">Not configured</span>
|
<span class="text-body-secondary">Not configured</span>
|
||||||
}
|
}
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
@ -183,7 +183,7 @@ else
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<span class="text-muted">Not configured</span>
|
<span class="text-body-secondary">Not configured</span>
|
||||||
}
|
}
|
||||||
</dd>
|
</dd>
|
||||||
</dl>
|
</dl>
|
||||||
|
@ -37,12 +37,12 @@
|
|||||||
<a class="navbar-brand" asp-controller="Home" asp-action="Index">
|
<a class="navbar-brand" asp-controller="Home" asp-action="Index">
|
||||||
<i class="fa fa-lg fa-fw fa-shield"></i> Admin
|
<i class="fa fa-lg fa-fw fa-shield"></i> Admin
|
||||||
</a>
|
</a>
|
||||||
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarCollapse"
|
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarCollapse"
|
||||||
aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
|
aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
|
||||||
<span class="navbar-toggler-icon"></span>
|
<span class="navbar-toggler-icon"></span>
|
||||||
</button>
|
</button>
|
||||||
<div class="collapse navbar-collapse" id="navbarCollapse">
|
<div class="collapse navbar-collapse" id="navbarCollapse">
|
||||||
<ul class="navbar-nav mr-auto">
|
<ul class="navbar-nav me-auto mb-2 mb-md-0">
|
||||||
@if (SignInManager.IsSignedIn(User))
|
@if (SignInManager.IsSignedIn(User))
|
||||||
{
|
{
|
||||||
@if (canViewUsers)
|
@if (canViewUsers)
|
||||||
@ -69,10 +69,10 @@
|
|||||||
{
|
{
|
||||||
<li class="nav-item dropdown" active-controller="tools">
|
<li class="nav-item dropdown" active-controller="tools">
|
||||||
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
|
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
|
||||||
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
||||||
Tools
|
Tools
|
||||||
</a>
|
</a>
|
||||||
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
|
<ul class="dropdown-menu" aria-labelledby="toolsDropdown">
|
||||||
@if (canChargeBraintree)
|
@if (canChargeBraintree)
|
||||||
{
|
{
|
||||||
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
|
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
|
||||||
@ -121,7 +121,7 @@
|
|||||||
Migrate Providers
|
Migrate Providers
|
||||||
</a>
|
</a>
|
||||||
}
|
}
|
||||||
</div>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,30 +10,30 @@
|
|||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="UserId"></label>
|
<label asp-for="UserId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="UserId">
|
<input type="text" class="form-control" asp-for="UserId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="OrganizationId"></label>
|
<label asp-for="OrganizationId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="OrganizationId">
|
<input type="text" class="form-control" asp-for="OrganizationId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Date"></label>
|
<label asp-for="Date" class="form-label"></label>
|
||||||
<input type="datetime-local" class="form-control" asp-for="Date" required>
|
<input type="datetime-local" class="form-control" asp-for="Date" required>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Type"></label>
|
<label asp-for="Type" class="form-label"></label>
|
||||||
<select class="form-control" asp-for="Type" required
|
<select class="form-select" asp-for="Type" required
|
||||||
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.TransactionType>()"></select>
|
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.TransactionType>()"></select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -41,24 +41,20 @@
|
|||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Amount"></label>
|
<label asp-for="Amount" class="form-label"></label>
|
||||||
<div class="input-group mb-3">
|
<div class="input-group">
|
||||||
<div class="input-group-prepend">
|
|
||||||
<span class="input-group-text">$</span>
|
<span class="input-group-text">$</span>
|
||||||
</div>
|
|
||||||
<input type="number" min="-1000000.00" max="1000000.00" step="0.01" class="form-control"
|
<input type="number" min="-1000000.00" max="1000000.00" step="0.01" class="form-control"
|
||||||
asp-for="Amount" required placeholder="ex. 10.00">
|
asp-for="Amount" required placeholder="ex. 10.00">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="RefundedAmount"></label>
|
<label asp-for="RefundedAmount" class="form-label"></label>
|
||||||
<div class="input-group mb-3">
|
<div class="input-group">
|
||||||
<div class="input-group-prepend">
|
|
||||||
<span class="input-group-text">$</span>
|
<span class="input-group-text">$</span>
|
||||||
</div>
|
|
||||||
<input type="number" min="0.01" max="1000000.00" step="0.01" class="form-control"
|
<input type="number" min="0.01" max="1000000.00" step="0.01" class="form-control"
|
||||||
asp-for="RefundedAmount" placeholder="ex. 10.00">
|
asp-for="RefundedAmount" placeholder="ex. 10.00">
|
||||||
</div>
|
</div>
|
||||||
@ -69,41 +65,37 @@
|
|||||||
<input type="checkbox" class="form-check-input" asp-for="Refunded">
|
<input type="checkbox" class="form-check-input" asp-for="Refunded">
|
||||||
<label class="form-check-label" asp-for="Refunded"></label>
|
<label class="form-check-label" asp-for="Refunded"></label>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Details"></label>
|
<label asp-for="Details" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="Details" required>
|
<input type="text" class="form-control" asp-for="Details" required>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<div class="form-group">
|
<label asp-for="Gateway" class="form-label"></label>
|
||||||
<label asp-for="Gateway"></label>
|
<select class="form-select" asp-for="Gateway"
|
||||||
<select class="form-control" asp-for="Gateway"
|
|
||||||
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewayId"></label>
|
<label asp-for="GatewayId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="GatewayId">
|
<input type="text" class="form-control" asp-for="GatewayId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<div class="form-group">
|
<label asp-for="PaymentMethod" class="form-label"></label>
|
||||||
<label asp-for="PaymentMethod"></label>
|
<select class="form-select" asp-for="PaymentMethod"
|
||||||
<select class="form-control" asp-for="PaymentMethod"
|
|
||||||
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.PaymentMethodType>()">
|
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.PaymentMethodType>()">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
<button type="submit" class="btn btn-primary mb-2">@action Transaction</button>
|
<button type="submit" class="btn btn-primary mb-2">@action Transaction</button>
|
||||||
</form>
|
</form>
|
||||||
|
@ -9,28 +9,28 @@
|
|||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="UserId"></label>
|
<label asp-for="UserId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="UserId">
|
<input type="text" class="form-control" asp-for="UserId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="OrganizationId"></label>
|
<label asp-for="OrganizationId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="OrganizationId">
|
<input type="text" class="form-control" asp-for="OrganizationId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="InstallationId"></label>
|
<label asp-for="InstallationId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="InstallationId">
|
<input type="text" class="form-control" asp-for="InstallationId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="Version"></label>
|
<label asp-for="Version" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="Version">
|
<input type="number" class="form-control" asp-for="Version">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -9,17 +9,17 @@
|
|||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="UserId"></label>
|
<label asp-for="UserId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="UserId">
|
<input type="text" class="form-control" asp-for="UserId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="OrganizationId"></label>
|
<label asp-for="OrganizationId" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="OrganizationId">
|
<input type="text" class="form-control" asp-for="OrganizationId">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<button type="submit" class="btn btn-primary mb-2">Promote Admin</button>
|
<button type="submit" class="btn btn-primary">Promote Admin</button>
|
||||||
</form>
|
</form>
|
@ -74,38 +74,38 @@
|
|||||||
<div class="alert alert-success"></div>
|
<div class="alert alert-success"></div>
|
||||||
}
|
}
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
<div asp-validation-summary="All" class="alert alert-danger"></div>
|
||||||
<div class="row">
|
<div class="row g-3">
|
||||||
<div class="col-6">
|
<div class="col-md-6">
|
||||||
<label asp-for="Filter.Status">Status</label>
|
<label class="form-label" asp-for="Filter.Status">Status</label>
|
||||||
<select asp-for="Filter.Status" name="filter.Status" class="form-control mr-2">
|
<select asp-for="Filter.Status" name="filter.Status" class="form-select">
|
||||||
<option asp-selected="Model.Filter.Status == null" value="all">All</option>
|
<option asp-selected="Model.Filter.Status == null" value="all">All</option>
|
||||||
<option asp-selected='Model.Filter.Status == "active"' value="active">Active</option>
|
<option asp-selected='Model.Filter.Status == "active"' value="active">Active</option>
|
||||||
<option asp-selected='Model.Filter.Status == "unpaid"' value="unpaid">Unpaid</option>
|
<option asp-selected='Model.Filter.Status == "unpaid"' value="unpaid">Unpaid</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-6">
|
<div class="col-md-6">
|
||||||
<label asp-for="Filter.CurrentPeriodEnd">Current Period End</label>
|
<label class="form-label" asp-for="Filter.CurrentPeriodEnd">Current Period End</label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<div class="input-group-append">
|
|
||||||
<div class="input-group-text">
|
<div class="input-group-text">
|
||||||
<span class="mr-1">
|
<div class="form-check form-check-inline mb-0">
|
||||||
<input type="radio" class="mr-1" asp-for="Filter.CurrentPeriodEndRange" name="filter.CurrentPeriodEndRange" value="lt">Before
|
<input type="radio" class="form-check-input" asp-for="Filter.CurrentPeriodEndRange" value="lt" id="beforeRadio">
|
||||||
</span>
|
<label class="form-check-label me-2" for="beforeRadio">Before</label>
|
||||||
<input type="radio" asp-for="Filter.CurrentPeriodEndRange" name="filter.CurrentPeriodEndRange" value="gt">After
|
</div>
|
||||||
|
<div class="form-check form-check-inline mb-0">
|
||||||
|
<input type="radio" class="form-check-input" asp-for="Filter.CurrentPeriodEndRange" value="gt" id="afterRadio">
|
||||||
|
<label class="form-check-label" for="afterRadio">After</label>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@{
|
@{
|
||||||
var date = @Model.Filter.CurrentPeriodEndDate.HasValue ? @Model.Filter.CurrentPeriodEndDate.Value.ToString("yyyy-MM-dd") : string.Empty;
|
var date = @Model.Filter.CurrentPeriodEndDate.HasValue ? @Model.Filter.CurrentPeriodEndDate.Value.ToString("yyyy-MM-dd") : string.Empty;
|
||||||
<input type="date" class="form-control" asp-for="Filter.CurrentPeriodEndDate" name="filter.CurrentPeriodEndDate" value="@date">
|
|
||||||
}
|
}
|
||||||
|
<input type="date" class="form-control" asp-for="Filter.CurrentPeriodEndDate" name="filter.CurrentPeriodEndDate" value="@date">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
<div class="col-md-6">
|
||||||
<div class="row mt-2">
|
<label class="form-label" asp-for="Filter.Price">Price ID</label>
|
||||||
<div class="col-6">
|
<select asp-for="Filter.Price" name="filter.Price" class="form-select">
|
||||||
<label asp-for="Filter.Price">Price ID</label>
|
|
||||||
<select asp-for="Filter.Price" name="filter.Price" class="form-control mr-2">
|
|
||||||
<option asp-selected="Model.Filter.Price == null" value="@null">All</option>
|
<option asp-selected="Model.Filter.Price == null" value="@null">All</option>
|
||||||
@foreach (var price in Model.Prices)
|
@foreach (var price in Model.Prices)
|
||||||
{
|
{
|
||||||
@ -113,9 +113,9 @@
|
|||||||
}
|
}
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-6">
|
<div class="col-md-6">
|
||||||
<label asp-for="Filter.TestClock">Test Clock</label>
|
<label class="form-label" asp-for="Filter.TestClock">Test Clock</label>
|
||||||
<select asp-for="Filter.TestClock" name="filter.TestClock" class="form-control mr-2">
|
<select asp-for="Filter.TestClock" name="filter.TestClock" class="form-select">
|
||||||
<option asp-selected="Model.Filter.TestClock == null" value="@null">All</option>
|
<option asp-selected="Model.Filter.TestClock == null" value="@null">All</option>
|
||||||
@foreach (var clock in Model.TestClocks)
|
@foreach (var clock in Model.TestClocks)
|
||||||
{
|
{
|
||||||
@ -123,26 +123,32 @@
|
|||||||
}
|
}
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
<div class="col-12 text-end">
|
||||||
<div class="row col-12 d-flex justify-content-end my-3">
|
<button type="submit" class="btn btn-primary" title="Search" name="action" asp-for="Action" value="@StripeSubscriptionsAction.Search">
|
||||||
<button type="submit" class="btn btn-primary" title="Search" name="action" asp-for="Action" value="@StripeSubscriptionsAction.Search"><i class="fa fa-search"></i> Search</button>
|
<i class="fa fa-search"></i> Search
|
||||||
</div>
|
</button>
|
||||||
<hr/>
|
</div>
|
||||||
<input type="checkbox" class="d-none" name="filter.SelectAll" id="selectAllInput" asp-for="@Model.Filter.SelectAll">
|
</div>
|
||||||
<div class="text-center row d-flex justify-content-center">
|
<hr/>
|
||||||
|
<input type="checkbox" class="d-none" name="filter.SelectAll" id="selectAllInput" asp-for="@Model.Filter.SelectAll">
|
||||||
|
<div class="text-center row d-flex justify-content-center">
|
||||||
<div id="selectAll" class="d-none col-8">
|
<div id="selectAll" class="d-none col-8">
|
||||||
All @Model.Items.Count subscriptions on this page are selected.<br/>
|
All @Model.Items.Count subscriptions on this page are selected.<br/>
|
||||||
<button type="button" id="selectAllElement" class="btn btn-link p-0 pb-1" onclick="onSelectAll()">Click here to select all subscriptions for this search.</button>
|
<button type="button" id="selectAllElement" class="btn btn-link p-0 pb-1" onclick="onSelectAll()">Click here to select all subscriptions for this search.</button>
|
||||||
<span id="selectedAllConfirmation" class="d-none text-muted">✔ All subscriptions for this search are selected.</span><br/>
|
<span id="selectedAllConfirmation" class="d-none text-body-secondary">
|
||||||
<div class="alert alert-warning" role="alert">Please be aware that bulk operations may take several minutes to complete.</div>
|
<i class="fa fa-check"></i> All subscriptions for this search are selected.
|
||||||
|
</span>
|
||||||
|
<div class="alert alert-warning mt-2" role="alert">
|
||||||
|
Please be aware that bulk operations may take several minutes to complete.
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="table-responsive">
|
</div>
|
||||||
<table class="table table-striped table-hover">
|
<div class="table-responsive">
|
||||||
|
<table class="table table-striped table-hover align-middle">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>
|
<th>
|
||||||
<div class="form-check form-check-inline">
|
<div class="form-check">
|
||||||
<input id="selectPage" class="form-check-input" type="checkbox" onchange="onRowSelect(true)">
|
<input id="selectPage" class="form-check-input" type="checkbox" onchange="onRowSelect(true)">
|
||||||
</div>
|
</div>
|
||||||
</th>
|
</th>
|
||||||
@ -191,7 +197,7 @@
|
|||||||
@{
|
@{
|
||||||
var i2 = i;
|
var i2 = i;
|
||||||
}
|
}
|
||||||
<input class="form-check-input row-check" onchange="onRowSelect()" asp-for="@Model.Items[i2].Selected">
|
<input class="form-check-input row-check mt-0" onchange="onRowSelect()" asp-for="@Model.Items[i2].Selected">
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
@ -214,9 +220,9 @@
|
|||||||
}
|
}
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
<nav class="d-inline-flex">
|
<nav class="d-inline-flex align-items-center">
|
||||||
<ul class="pagination">
|
<ul class="pagination mb-0">
|
||||||
@if (!string.IsNullOrWhiteSpace(Model.Filter.EndingBefore))
|
@if (!string.IsNullOrWhiteSpace(Model.Filter.EndingBefore))
|
||||||
{
|
{
|
||||||
<input type="hidden" asp-for="@Model.Filter.EndingBefore" value="@Model.Filter.EndingBefore">
|
<input type="hidden" asp-for="@Model.Filter.EndingBefore" value="@Model.Filter.EndingBefore">
|
||||||
@ -257,25 +263,15 @@
|
|||||||
</li>
|
</li>
|
||||||
}
|
}
|
||||||
</ul>
|
</ul>
|
||||||
<span id="bulkActions" class="d-none ml-2">
|
<span id="bulkActions" class="d-none ms-3">
|
||||||
<span class="d-inline-flex">
|
<span class="d-inline-flex gap-2">
|
||||||
<button
|
<button type="submit" class="btn btn-primary" name="action" asp-for="Action" value="@StripeSubscriptionsAction.Export">
|
||||||
type="submit"
|
|
||||||
class="btn btn-primary mr-1"
|
|
||||||
name="action"
|
|
||||||
asp-for="Action"
|
|
||||||
value="@StripeSubscriptionsAction.Export">
|
|
||||||
Export
|
Export
|
||||||
</button>
|
</button>
|
||||||
<button
|
<button type="submit" class="btn btn-danger" name="action" asp-for="Action" value="@StripeSubscriptionsAction.BulkCancel">
|
||||||
type="submit"
|
|
||||||
class="btn btn-danger"
|
|
||||||
name="action"
|
|
||||||
asp-for="Action"
|
|
||||||
value="@StripeSubscriptionsAction.BulkCancel">
|
|
||||||
Bulk Cancel
|
Bulk Cancel
|
||||||
</button>
|
</button>
|
||||||
</span>
|
</span>
|
||||||
</span>
|
</span>
|
||||||
</nav>
|
</nav>
|
||||||
</form>
|
</form>
|
||||||
|
@ -27,20 +27,20 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<form method="post" enctype="multipart/form-data" asp-action="TaxRateUpload">
|
<form method="post" enctype="multipart/form-data" asp-action="TaxRateUpload">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<input type="file" name="file" />
|
<input type="file" class="form-control" name="file" />
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<input type="submit" value="Upload" class="btn btn-primary mb-2" />
|
<input type="submit" value="Upload" class="btn btn-primary" />
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<hr/>
|
<hr class="my-4">
|
||||||
<h2>View & Manage Tax Rates</h2>
|
<h2>View & Manage Tax Rates</h2>
|
||||||
<a class="btn btn-primary mb-2" asp-controller="Tools" asp-action="TaxRateAddEdit">Add a Rate</a>
|
<a class="btn btn-primary mb-3" asp-controller="Tools" asp-action="TaxRateAddEdit">Add a Rate</a>
|
||||||
<div class="table-responsive">
|
<div class="table-responsive">
|
||||||
<table class="table table-striped table-hover">
|
<table class="table table-striped table-hover align-middle">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th style="width: 190px;">Id</th>
|
<th style="width: 190px;">Id</th>
|
||||||
@ -97,7 +97,7 @@
|
|||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<nav>
|
<nav aria-label="Tax rates pagination">
|
||||||
<ul class="pagination">
|
<ul class="pagination">
|
||||||
@if(Model.PreviousPage.HasValue)
|
@if(Model.PreviousPage.HasValue)
|
||||||
{
|
{
|
||||||
|
@ -115,8 +115,8 @@
|
|||||||
<h2>Premium</h2>
|
<h2>Premium</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="MaxStorageGb"></label>
|
<label asp-for="MaxStorageGb" class="form-label"></label>
|
||||||
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPremium)'>
|
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPremium)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -131,14 +131,14 @@
|
|||||||
<h2>Licensing</h2>
|
<h2>Licensing</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="LicenseKey"></label>
|
<label asp-for="LicenseKey" class="form-label"></label>
|
||||||
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
|
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm">
|
<div class="col-sm">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="PremiumExpirationDate"></label>
|
<label asp-for="PremiumExpirationDate" class="form-label"></label>
|
||||||
<input type="datetime-local" class="form-control" asp-for="PremiumExpirationDate" readonly='@(!canEditLicensing)'>
|
<input type="datetime-local" class="form-control" asp-for="PremiumExpirationDate" readonly='@(!canEditLicensing)'>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -149,44 +149,38 @@
|
|||||||
<h2>Billing</h2>
|
<h2>Billing</h2>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<div class="form-group">
|
<label asp-for="Gateway" class="form-label"></label>
|
||||||
<label asp-for="Gateway"></label>
|
<select class="form-select" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
|
||||||
<select class="form-control" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
|
|
||||||
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
|
||||||
<option value="">--</option>
|
<option value="">--</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewayCustomerId"></label>
|
<label asp-for="GatewayCustomerId" class="form-label"></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
|
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
|
||||||
@if (canLaunchGateway)
|
@if (canLaunchGateway)
|
||||||
{
|
{
|
||||||
<div class="input-group-append">
|
|
||||||
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
|
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
|
||||||
<i class="fa fa-external-link"></i>
|
<i class="fa fa-external-link"></i>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
|
||||||
}
|
}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md">
|
<div class="col-md">
|
||||||
<div class="form-group">
|
<div class="mb-3">
|
||||||
<label asp-for="GatewaySubscriptionId"></label>
|
<label asp-for="GatewaySubscriptionId" class="form-label"></label>
|
||||||
<div class="input-group">
|
<div class="input-group">
|
||||||
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
|
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
|
||||||
@if (canLaunchGateway)
|
@if (canLaunchGateway)
|
||||||
{
|
{
|
||||||
<div class="input-group-append">
|
|
||||||
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
|
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
|
||||||
<i class="fa fa-external-link"></i>
|
<i class="fa fa-external-link"></i>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
|
||||||
}
|
}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -196,10 +190,10 @@
|
|||||||
</form>
|
</form>
|
||||||
<div class="d-flex mt-4">
|
<div class="d-flex mt-4">
|
||||||
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
||||||
<div class="ml-auto d-flex">
|
<div class="ms-auto d-flex">
|
||||||
@if (canUpgradePremium)
|
@if (canUpgradePremium)
|
||||||
{
|
{
|
||||||
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
|
<button class="btn btn-secondary me-2" type="button" id="upgrade-premium">
|
||||||
Upgrade Premium
|
Upgrade Premium
|
||||||
</button>
|
</button>
|
||||||
}
|
}
|
||||||
|
@ -5,10 +5,16 @@
|
|||||||
|
|
||||||
<h1>Users</h1>
|
<h1>Users</h1>
|
||||||
|
|
||||||
<form class="form-inline mb-2" method="get">
|
<form class="row row-cols-lg-auto g-3 align-items-center mb-2" method="get">
|
||||||
<label class="sr-only" asp-for="Email">Email</label>
|
<div class="col-12">
|
||||||
<input type="text" class="form-control mb-2 mr-2" placeholder="Email" asp-for="Email" name="email">
|
<label class="visually-hidden" asp-for="Email">Email</label>
|
||||||
<button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
|
<input type="text" class="form-control" placeholder="Email" asp-for="Email" name="email">
|
||||||
|
</div>
|
||||||
|
<div class="col-12">
|
||||||
|
<button type="submit" class="btn btn-primary" title="Search">
|
||||||
|
<i class="fa fa-search"></i> Search
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<div class="table-responsive">
|
<div class="table-responsive">
|
||||||
@ -49,7 +55,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-star-o fa-lg fa-fw text-muted" title="Not Premium"></i>
|
<i class="fa fa-star-o fa-lg fa-fw text-body-secondary" title="Not Premium"></i>
|
||||||
}
|
}
|
||||||
@if (user.MaxStorageGb.HasValue && user.MaxStorageGb > 1)
|
@if (user.MaxStorageGb.HasValue && user.MaxStorageGb > 1)
|
||||||
{
|
{
|
||||||
@ -59,7 +65,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-plus-square-o fa-lg fa-fw text-muted"
|
<i class="fa fa-plus-square-o fa-lg fa-fw text-body-secondary"
|
||||||
title="No Additional Storage">
|
title="No Additional Storage">
|
||||||
</i>
|
</i>
|
||||||
}
|
}
|
||||||
@ -69,7 +75,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-times-circle-o fa-lg fa-fw text-muted" title="Email Not Verified"></i>
|
<i class="fa fa-times-circle-o fa-lg fa-fw text-body-secondary" title="Email Not Verified"></i>
|
||||||
}
|
}
|
||||||
@if (user.TwoFactorEnabled)
|
@if (user.TwoFactorEnabled)
|
||||||
{
|
{
|
||||||
@ -77,7 +83,7 @@
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
<i class="fa fa-unlock fa-lg fa-fw text-muted" title="2FA Not Enabled"></i>
|
<i class="fa fa-unlock fa-lg fa-fw text-body-secondary" title="2FA Not Enabled"></i>
|
||||||
}
|
}
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
35
src/Admin/package-lock.json
generated
35
src/Admin/package-lock.json
generated
@ -9,10 +9,9 @@
|
|||||||
"version": "0.0.0",
|
"version": "0.0.0",
|
||||||
"license": "GPL-3.0",
|
"license": "GPL-3.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bootstrap": "4.6.2",
|
"bootstrap": "5.3.3",
|
||||||
"font-awesome": "4.7.0",
|
"font-awesome": "4.7.0",
|
||||||
"jquery": "3.7.1",
|
"jquery": "3.7.1",
|
||||||
"popper.js": "1.16.1",
|
|
||||||
"toastr": "2.1.4"
|
"toastr": "2.1.4"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
@ -385,6 +384,17 @@
|
|||||||
"url": "https://opencollective.com/parcel"
|
"url": "https://opencollective.com/parcel"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"node_modules/@popperjs/core": {
|
||||||
|
"version": "2.11.8",
|
||||||
|
"resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz",
|
||||||
|
"integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==",
|
||||||
|
"license": "MIT",
|
||||||
|
"peer": true,
|
||||||
|
"funding": {
|
||||||
|
"type": "opencollective",
|
||||||
|
"url": "https://opencollective.com/popperjs"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/@types/estree": {
|
"node_modules/@types/estree": {
|
||||||
"version": "1.0.6",
|
"version": "1.0.6",
|
||||||
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
|
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
|
||||||
@ -703,9 +713,9 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/bootstrap": {
|
"node_modules/bootstrap": {
|
||||||
"version": "4.6.2",
|
"version": "5.3.3",
|
||||||
"resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.6.2.tgz",
|
"resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-5.3.3.tgz",
|
||||||
"integrity": "sha512-51Bbp/Uxr9aTuy6ca/8FbFloBUJZLHwnhTcnjIeRn2suQWsWzcuJhGjKDB5eppVte/8oCdOL3VuwxvZDUggwGQ==",
|
"integrity": "sha512-8HLCdWgyoMguSO9o+aH+iuZ+aht+mzW0u3HIMzVu7Srrpv7EBBxTnrFlSCskwdY1+EOFQSm7uMJhNQHkdPcmjg==",
|
||||||
"funding": [
|
"funding": [
|
||||||
{
|
{
|
||||||
"type": "github",
|
"type": "github",
|
||||||
@ -716,10 +726,8 @@
|
|||||||
"url": "https://opencollective.com/bootstrap"
|
"url": "https://opencollective.com/bootstrap"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"license": "MIT",
|
|
||||||
"peerDependencies": {
|
"peerDependencies": {
|
||||||
"jquery": "1.9.1 - 3",
|
"@popperjs/core": "^2.11.8"
|
||||||
"popper.js": "^1.16.1"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/braces": {
|
"node_modules/braces": {
|
||||||
@ -1578,17 +1586,6 @@
|
|||||||
"node": ">=8"
|
"node": ">=8"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/popper.js": {
|
|
||||||
"version": "1.16.1",
|
|
||||||
"resolved": "https://registry.npmjs.org/popper.js/-/popper.js-1.16.1.tgz",
|
|
||||||
"integrity": "sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ==",
|
|
||||||
"deprecated": "You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1",
|
|
||||||
"license": "MIT",
|
|
||||||
"funding": {
|
|
||||||
"type": "opencollective",
|
|
||||||
"url": "https://opencollective.com/popperjs"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"node_modules/postcss": {
|
"node_modules/postcss": {
|
||||||
"version": "8.4.47",
|
"version": "8.4.47",
|
||||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
|
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
|
||||||
|
@ -8,10 +8,9 @@
|
|||||||
"build": "webpack"
|
"build": "webpack"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bootstrap": "4.6.2",
|
"bootstrap": "5.3.3",
|
||||||
"font-awesome": "4.7.0",
|
"font-awesome": "4.7.0",
|
||||||
"jquery": "3.7.1",
|
"jquery": "3.7.1",
|
||||||
"popper.js": "1.16.1",
|
|
||||||
"toastr": "2.1.4"
|
"toastr": "2.1.4"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
@ -13,8 +13,6 @@ module.exports = {
|
|||||||
entry: {
|
entry: {
|
||||||
site: [
|
site: [
|
||||||
path.resolve(__dirname, paths.sassDir, "site.scss"),
|
path.resolve(__dirname, paths.sassDir, "site.scss"),
|
||||||
|
|
||||||
"popper.js",
|
|
||||||
"bootstrap",
|
"bootstrap",
|
||||||
"jquery",
|
"jquery",
|
||||||
"font-awesome/css/font-awesome.css",
|
"font-awesome/css/font-awesome.css",
|
||||||
|
@ -213,7 +213,7 @@ public class MembersController : Controller
|
|||||||
{
|
{
|
||||||
return new NotFoundResult();
|
return new NotFoundResult();
|
||||||
}
|
}
|
||||||
await _updateOrganizationUserGroupsCommand.UpdateUserGroupsAsync(existingUser, model.GroupIds, null);
|
await _updateOrganizationUserGroupsCommand.UpdateUserGroupsAsync(existingUser, model.GroupIds);
|
||||||
return new OkResult();
|
return new OkResult();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,15 +4,14 @@ using Bit.Api.Auth.Models.Response.TwoFactor;
|
|||||||
using Bit.Api.Models.Request;
|
using Bit.Api.Models.Request;
|
||||||
using Bit.Api.Models.Response;
|
using Bit.Api.Models.Response;
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Auth.LoginFeatures.PasswordlessLogin.Interfaces;
|
using Bit.Core.Auth.LoginFeatures.PasswordlessLogin.Interfaces;
|
||||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
using Bit.Core.Auth.Utilities;
|
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Bit.Core.Exceptions;
|
using Bit.Core.Exceptions;
|
||||||
using Bit.Core.Repositories;
|
using Bit.Core.Repositories;
|
||||||
using Bit.Core.Services;
|
using Bit.Core.Services;
|
||||||
using Bit.Core.Settings;
|
|
||||||
using Bit.Core.Tokens;
|
using Bit.Core.Tokens;
|
||||||
using Bit.Core.Utilities;
|
using Bit.Core.Utilities;
|
||||||
using Fido2NetLib;
|
using Fido2NetLib;
|
||||||
@ -29,11 +28,10 @@ public class TwoFactorController : Controller
|
|||||||
private readonly IUserService _userService;
|
private readonly IUserService _userService;
|
||||||
private readonly IOrganizationRepository _organizationRepository;
|
private readonly IOrganizationRepository _organizationRepository;
|
||||||
private readonly IOrganizationService _organizationService;
|
private readonly IOrganizationService _organizationService;
|
||||||
private readonly GlobalSettings _globalSettings;
|
|
||||||
private readonly UserManager<User> _userManager;
|
private readonly UserManager<User> _userManager;
|
||||||
private readonly ICurrentContext _currentContext;
|
private readonly ICurrentContext _currentContext;
|
||||||
private readonly IVerifyAuthRequestCommand _verifyAuthRequestCommand;
|
private readonly IVerifyAuthRequestCommand _verifyAuthRequestCommand;
|
||||||
private readonly IFeatureService _featureService;
|
private readonly IDuoUniversalTokenService _duoUniversalTokenService;
|
||||||
private readonly IDataProtectorTokenFactory<TwoFactorAuthenticatorUserVerificationTokenable> _twoFactorAuthenticatorDataProtector;
|
private readonly IDataProtectorTokenFactory<TwoFactorAuthenticatorUserVerificationTokenable> _twoFactorAuthenticatorDataProtector;
|
||||||
private readonly IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> _ssoEmailTwoFactorSessionDataProtector;
|
private readonly IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> _ssoEmailTwoFactorSessionDataProtector;
|
||||||
|
|
||||||
@ -41,22 +39,20 @@ public class TwoFactorController : Controller
|
|||||||
IUserService userService,
|
IUserService userService,
|
||||||
IOrganizationRepository organizationRepository,
|
IOrganizationRepository organizationRepository,
|
||||||
IOrganizationService organizationService,
|
IOrganizationService organizationService,
|
||||||
GlobalSettings globalSettings,
|
|
||||||
UserManager<User> userManager,
|
UserManager<User> userManager,
|
||||||
ICurrentContext currentContext,
|
ICurrentContext currentContext,
|
||||||
IVerifyAuthRequestCommand verifyAuthRequestCommand,
|
IVerifyAuthRequestCommand verifyAuthRequestCommand,
|
||||||
IFeatureService featureService,
|
IDuoUniversalTokenService duoUniversalConfigService,
|
||||||
IDataProtectorTokenFactory<TwoFactorAuthenticatorUserVerificationTokenable> twoFactorAuthenticatorDataProtector,
|
IDataProtectorTokenFactory<TwoFactorAuthenticatorUserVerificationTokenable> twoFactorAuthenticatorDataProtector,
|
||||||
IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> ssoEmailTwoFactorSessionDataProtector)
|
IDataProtectorTokenFactory<SsoEmail2faSessionTokenable> ssoEmailTwoFactorSessionDataProtector)
|
||||||
{
|
{
|
||||||
_userService = userService;
|
_userService = userService;
|
||||||
_organizationRepository = organizationRepository;
|
_organizationRepository = organizationRepository;
|
||||||
_organizationService = organizationService;
|
_organizationService = organizationService;
|
||||||
_globalSettings = globalSettings;
|
|
||||||
_userManager = userManager;
|
_userManager = userManager;
|
||||||
_currentContext = currentContext;
|
_currentContext = currentContext;
|
||||||
_verifyAuthRequestCommand = verifyAuthRequestCommand;
|
_verifyAuthRequestCommand = verifyAuthRequestCommand;
|
||||||
_featureService = featureService;
|
_duoUniversalTokenService = duoUniversalConfigService;
|
||||||
_twoFactorAuthenticatorDataProtector = twoFactorAuthenticatorDataProtector;
|
_twoFactorAuthenticatorDataProtector = twoFactorAuthenticatorDataProtector;
|
||||||
_ssoEmailTwoFactorSessionDataProtector = ssoEmailTwoFactorSessionDataProtector;
|
_ssoEmailTwoFactorSessionDataProtector = ssoEmailTwoFactorSessionDataProtector;
|
||||||
}
|
}
|
||||||
@ -184,21 +180,7 @@ public class TwoFactorController : Controller
|
|||||||
public async Task<TwoFactorDuoResponseModel> PutDuo([FromBody] UpdateTwoFactorDuoRequestModel model)
|
public async Task<TwoFactorDuoResponseModel> PutDuo([FromBody] UpdateTwoFactorDuoRequestModel model)
|
||||||
{
|
{
|
||||||
var user = await CheckAsync(model, true);
|
var user = await CheckAsync(model, true);
|
||||||
try
|
if (!await _duoUniversalTokenService.ValidateDuoConfiguration(model.ClientSecret, model.ClientId, model.Host))
|
||||||
{
|
|
||||||
// for backwards compatibility - will be removed with PM-8107
|
|
||||||
DuoApi duoApi = null;
|
|
||||||
if (model.ClientId != null && model.ClientSecret != null)
|
|
||||||
{
|
|
||||||
duoApi = new DuoApi(model.ClientId, model.ClientSecret, model.Host);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
duoApi = new DuoApi(model.IntegrationKey, model.SecretKey, model.Host);
|
|
||||||
}
|
|
||||||
await duoApi.JSONApiCall("GET", "/auth/v2/check");
|
|
||||||
}
|
|
||||||
catch (DuoException)
|
|
||||||
{
|
{
|
||||||
throw new BadRequestException(
|
throw new BadRequestException(
|
||||||
"Duo configuration settings are not valid. Please re-check the Duo Admin panel.");
|
"Duo configuration settings are not valid. Please re-check the Duo Admin panel.");
|
||||||
@ -241,21 +223,7 @@ public class TwoFactorController : Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
var organization = await _organizationRepository.GetByIdAsync(orgIdGuid) ?? throw new NotFoundException();
|
var organization = await _organizationRepository.GetByIdAsync(orgIdGuid) ?? throw new NotFoundException();
|
||||||
try
|
if (!await _duoUniversalTokenService.ValidateDuoConfiguration(model.ClientSecret, model.ClientId, model.Host))
|
||||||
{
|
|
||||||
// for backwards compatibility - will be removed with PM-8107
|
|
||||||
DuoApi duoApi = null;
|
|
||||||
if (model.ClientId != null && model.ClientSecret != null)
|
|
||||||
{
|
|
||||||
duoApi = new DuoApi(model.ClientId, model.ClientSecret, model.Host);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
duoApi = new DuoApi(model.IntegrationKey, model.SecretKey, model.Host);
|
|
||||||
}
|
|
||||||
await duoApi.JSONApiCall("GET", "/auth/v2/check");
|
|
||||||
}
|
|
||||||
catch (DuoException)
|
|
||||||
{
|
{
|
||||||
throw new BadRequestException(
|
throw new BadRequestException(
|
||||||
"Duo configuration settings are not valid. Please re-check the Duo Admin panel.");
|
"Duo configuration settings are not valid. Please re-check the Duo Admin panel.");
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
using Bit.Api.Auth.Models.Request.Accounts;
|
using Bit.Api.Auth.Models.Request.Accounts;
|
||||||
using Bit.Core.AdminConsole.Entities;
|
using Bit.Core.AdminConsole.Entities;
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Auth.Models;
|
using Bit.Core.Auth.Models;
|
||||||
using Bit.Core.Auth.Utilities;
|
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Fido2NetLib;
|
using Fido2NetLib;
|
||||||
|
|
||||||
@ -43,21 +43,16 @@ public class UpdateTwoFactorAuthenticatorRequestModel : SecretVerificationReques
|
|||||||
public class UpdateTwoFactorDuoRequestModel : SecretVerificationRequestModel, IValidatableObject
|
public class UpdateTwoFactorDuoRequestModel : SecretVerificationRequestModel, IValidatableObject
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
To support both v2 and v4 we need to remove the required annotation from the properties.
|
String lengths based on Duo's documentation
|
||||||
todo - the required annotation will be added back in PM-8107.
|
https://github.com/duosecurity/duo_universal_csharp/blob/main/DuoUniversal/Client.cs
|
||||||
*/
|
*/
|
||||||
[StringLength(50)]
|
|
||||||
public string ClientId { get; set; }
|
|
||||||
[StringLength(50)]
|
|
||||||
public string ClientSecret { get; set; }
|
|
||||||
//todo - will remove SKey and IKey with PM-8107
|
|
||||||
[StringLength(50)]
|
|
||||||
public string IntegrationKey { get; set; }
|
|
||||||
//todo - will remove SKey and IKey with PM-8107
|
|
||||||
[StringLength(50)]
|
|
||||||
public string SecretKey { get; set; }
|
|
||||||
[Required]
|
[Required]
|
||||||
[StringLength(50)]
|
[StringLength(20, MinimumLength = 20, ErrorMessage = "Client Id must be exactly 20 characters.")]
|
||||||
|
public string ClientId { get; set; }
|
||||||
|
[Required]
|
||||||
|
[StringLength(40, MinimumLength = 40, ErrorMessage = "Client Secret must be exactly 40 characters.")]
|
||||||
|
public string ClientSecret { get; set; }
|
||||||
|
[Required]
|
||||||
public string Host { get; set; }
|
public string Host { get; set; }
|
||||||
|
|
||||||
public User ToUser(User existingUser)
|
public User ToUser(User existingUser)
|
||||||
@ -65,22 +60,17 @@ public class UpdateTwoFactorDuoRequestModel : SecretVerificationRequestModel, IV
|
|||||||
var providers = existingUser.GetTwoFactorProviders();
|
var providers = existingUser.GetTwoFactorProviders();
|
||||||
if (providers == null)
|
if (providers == null)
|
||||||
{
|
{
|
||||||
providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
|
providers = [];
|
||||||
}
|
}
|
||||||
else if (providers.ContainsKey(TwoFactorProviderType.Duo))
|
else if (providers.ContainsKey(TwoFactorProviderType.Duo))
|
||||||
{
|
{
|
||||||
providers.Remove(TwoFactorProviderType.Duo);
|
providers.Remove(TwoFactorProviderType.Duo);
|
||||||
}
|
}
|
||||||
|
|
||||||
Temporary_SyncDuoParams();
|
|
||||||
|
|
||||||
providers.Add(TwoFactorProviderType.Duo, new TwoFactorProvider
|
providers.Add(TwoFactorProviderType.Duo, new TwoFactorProvider
|
||||||
{
|
{
|
||||||
MetaData = new Dictionary<string, object>
|
MetaData = new Dictionary<string, object>
|
||||||
{
|
{
|
||||||
//todo - will remove SKey and IKey with PM-8107
|
|
||||||
["SKey"] = SecretKey,
|
|
||||||
["IKey"] = IntegrationKey,
|
|
||||||
["ClientSecret"] = ClientSecret,
|
["ClientSecret"] = ClientSecret,
|
||||||
["ClientId"] = ClientId,
|
["ClientId"] = ClientId,
|
||||||
["Host"] = Host
|
["Host"] = Host
|
||||||
@ -96,22 +86,17 @@ public class UpdateTwoFactorDuoRequestModel : SecretVerificationRequestModel, IV
|
|||||||
var providers = existingOrg.GetTwoFactorProviders();
|
var providers = existingOrg.GetTwoFactorProviders();
|
||||||
if (providers == null)
|
if (providers == null)
|
||||||
{
|
{
|
||||||
providers = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
|
providers = [];
|
||||||
}
|
}
|
||||||
else if (providers.ContainsKey(TwoFactorProviderType.OrganizationDuo))
|
else if (providers.ContainsKey(TwoFactorProviderType.OrganizationDuo))
|
||||||
{
|
{
|
||||||
providers.Remove(TwoFactorProviderType.OrganizationDuo);
|
providers.Remove(TwoFactorProviderType.OrganizationDuo);
|
||||||
}
|
}
|
||||||
|
|
||||||
Temporary_SyncDuoParams();
|
|
||||||
|
|
||||||
providers.Add(TwoFactorProviderType.OrganizationDuo, new TwoFactorProvider
|
providers.Add(TwoFactorProviderType.OrganizationDuo, new TwoFactorProvider
|
||||||
{
|
{
|
||||||
MetaData = new Dictionary<string, object>
|
MetaData = new Dictionary<string, object>
|
||||||
{
|
{
|
||||||
//todo - will remove SKey and IKey with PM-8107
|
|
||||||
["SKey"] = SecretKey,
|
|
||||||
["IKey"] = IntegrationKey,
|
|
||||||
["ClientSecret"] = ClientSecret,
|
["ClientSecret"] = ClientSecret,
|
||||||
["ClientId"] = ClientId,
|
["ClientId"] = ClientId,
|
||||||
["Host"] = Host
|
["Host"] = Host
|
||||||
@ -124,34 +109,22 @@ public class UpdateTwoFactorDuoRequestModel : SecretVerificationRequestModel, IV
|
|||||||
|
|
||||||
public override IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
|
public override IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
|
||||||
{
|
{
|
||||||
if (!DuoApi.ValidHost(Host))
|
var results = new List<ValidationResult>();
|
||||||
|
if (string.IsNullOrWhiteSpace(ClientId))
|
||||||
{
|
{
|
||||||
yield return new ValidationResult("Host is invalid.", [nameof(Host)]);
|
results.Add(new ValidationResult("ClientId is required.", [nameof(ClientId)]));
|
||||||
}
|
|
||||||
if (string.IsNullOrWhiteSpace(ClientSecret) && string.IsNullOrWhiteSpace(ClientId) &&
|
|
||||||
string.IsNullOrWhiteSpace(SecretKey) && string.IsNullOrWhiteSpace(IntegrationKey))
|
|
||||||
{
|
|
||||||
yield return new ValidationResult("Neither v2 or v4 values are valid.", [nameof(IntegrationKey), nameof(SecretKey), nameof(ClientSecret), nameof(ClientId)]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
if (string.IsNullOrWhiteSpace(ClientSecret))
|
||||||
use this method to ensure that both v2 params and v4 params are in sync
|
|
||||||
todo will be removed in pm-8107
|
|
||||||
*/
|
|
||||||
private void Temporary_SyncDuoParams()
|
|
||||||
{
|
{
|
||||||
// Even if IKey and SKey exist prioritize v4 params ClientId and ClientSecret
|
results.Add(new ValidationResult("ClientSecret is required.", [nameof(ClientSecret)]));
|
||||||
if (!string.IsNullOrWhiteSpace(ClientSecret) && !string.IsNullOrWhiteSpace(ClientId))
|
|
||||||
{
|
|
||||||
SecretKey = ClientSecret;
|
|
||||||
IntegrationKey = ClientId;
|
|
||||||
}
|
}
|
||||||
else if (!string.IsNullOrWhiteSpace(SecretKey) && !string.IsNullOrWhiteSpace(IntegrationKey))
|
|
||||||
|
if (string.IsNullOrWhiteSpace(Host) || !DuoUniversalTokenService.ValidDuoHost(Host))
|
||||||
{
|
{
|
||||||
ClientSecret = SecretKey;
|
results.Add(new ValidationResult("Host is invalid.", [nameof(Host)]));
|
||||||
ClientId = IntegrationKey;
|
|
||||||
}
|
}
|
||||||
|
return results;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -13,37 +13,26 @@ public class TwoFactorDuoResponseModel : ResponseModel
|
|||||||
public TwoFactorDuoResponseModel(User user)
|
public TwoFactorDuoResponseModel(User user)
|
||||||
: base(ResponseObj)
|
: base(ResponseObj)
|
||||||
{
|
{
|
||||||
if (user == null)
|
ArgumentNullException.ThrowIfNull(user);
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(user));
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
Build(provider);
|
Build(provider);
|
||||||
}
|
}
|
||||||
|
|
||||||
public TwoFactorDuoResponseModel(Organization org)
|
public TwoFactorDuoResponseModel(Organization organization)
|
||||||
: base(ResponseObj)
|
: base(ResponseObj)
|
||||||
{
|
{
|
||||||
if (org == null)
|
ArgumentNullException.ThrowIfNull(organization);
|
||||||
{
|
|
||||||
throw new ArgumentNullException(nameof(org));
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = org.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
||||||
Build(provider);
|
Build(provider);
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool Enabled { get; set; }
|
public bool Enabled { get; set; }
|
||||||
public string Host { get; set; }
|
public string Host { get; set; }
|
||||||
//TODO - will remove SecretKey with PM-8107
|
|
||||||
public string SecretKey { get; set; }
|
|
||||||
//TODO - will remove IntegrationKey with PM-8107
|
|
||||||
public string IntegrationKey { get; set; }
|
|
||||||
public string ClientSecret { get; set; }
|
public string ClientSecret { get; set; }
|
||||||
public string ClientId { get; set; }
|
public string ClientId { get; set; }
|
||||||
|
|
||||||
// updated build to assist in the EDD migration for the Duo 2FA provider
|
|
||||||
private void Build(TwoFactorProvider provider)
|
private void Build(TwoFactorProvider provider)
|
||||||
{
|
{
|
||||||
if (provider?.MetaData != null && provider.MetaData.Count > 0)
|
if (provider?.MetaData != null && provider.MetaData.Count > 0)
|
||||||
@ -54,36 +43,13 @@ public class TwoFactorDuoResponseModel : ResponseModel
|
|||||||
{
|
{
|
||||||
Host = (string)host;
|
Host = (string)host;
|
||||||
}
|
}
|
||||||
|
|
||||||
//todo - will remove SKey and IKey with PM-8107
|
|
||||||
// check Skey and IKey first if they exist
|
|
||||||
if (provider.MetaData.TryGetValue("SKey", out var sKey))
|
|
||||||
{
|
|
||||||
ClientSecret = MaskKey((string)sKey);
|
|
||||||
SecretKey = MaskKey((string)sKey);
|
|
||||||
}
|
|
||||||
if (provider.MetaData.TryGetValue("IKey", out var iKey))
|
|
||||||
{
|
|
||||||
IntegrationKey = (string)iKey;
|
|
||||||
ClientId = (string)iKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Even if IKey and SKey exist prioritize v4 params ClientId and ClientSecret
|
|
||||||
if (provider.MetaData.TryGetValue("ClientSecret", out var clientSecret))
|
if (provider.MetaData.TryGetValue("ClientSecret", out var clientSecret))
|
||||||
{
|
{
|
||||||
if (!string.IsNullOrWhiteSpace((string)clientSecret))
|
ClientSecret = MaskSecret((string)clientSecret);
|
||||||
{
|
|
||||||
ClientSecret = MaskKey((string)clientSecret);
|
|
||||||
SecretKey = MaskKey((string)clientSecret);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (provider.MetaData.TryGetValue("ClientId", out var clientId))
|
if (provider.MetaData.TryGetValue("ClientId", out var clientId))
|
||||||
{
|
|
||||||
if (!string.IsNullOrWhiteSpace((string)clientId))
|
|
||||||
{
|
{
|
||||||
ClientId = (string)clientId;
|
ClientId = (string)clientId;
|
||||||
IntegrationKey = (string)clientId;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -92,30 +58,7 @@ public class TwoFactorDuoResponseModel : ResponseModel
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
private static string MaskSecret(string key)
|
||||||
use this method to ensure that both v2 params and v4 params are in sync
|
|
||||||
todo will be removed in pm-8107
|
|
||||||
*/
|
|
||||||
private void Temporary_SyncDuoParams()
|
|
||||||
{
|
|
||||||
// Even if IKey and SKey exist prioritize v4 params ClientId and ClientSecret
|
|
||||||
if (!string.IsNullOrWhiteSpace(ClientSecret) && !string.IsNullOrWhiteSpace(ClientId))
|
|
||||||
{
|
|
||||||
SecretKey = ClientSecret;
|
|
||||||
IntegrationKey = ClientId;
|
|
||||||
}
|
|
||||||
else if (!string.IsNullOrWhiteSpace(SecretKey) && !string.IsNullOrWhiteSpace(IntegrationKey))
|
|
||||||
{
|
|
||||||
ClientSecret = SecretKey;
|
|
||||||
ClientId = IntegrationKey;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
throw new InvalidDataException("Invalid Duo parameters.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string MaskKey(string key)
|
|
||||||
{
|
{
|
||||||
if (string.IsNullOrWhiteSpace(key) || key.Length <= 6)
|
if (string.IsNullOrWhiteSpace(key) || key.Length <= 6)
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
using Bit.Api.Models.Request.Organizations;
|
using Bit.Api.Models.Request.Organizations;
|
||||||
using Bit.Api.Models.Response.Organizations;
|
using Bit.Api.Models.Response.Organizations;
|
||||||
|
using Bit.Core;
|
||||||
|
using Bit.Core.AdminConsole.Enums;
|
||||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationConnections.Interfaces;
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationConnections.Interfaces;
|
||||||
|
using Bit.Core.AdminConsole.Repositories;
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Bit.Core.Exceptions;
|
using Bit.Core.Exceptions;
|
||||||
@ -31,6 +34,8 @@ public class OrganizationSponsorshipsController : Controller
|
|||||||
private readonly ICloudSyncSponsorshipsCommand _syncSponsorshipsCommand;
|
private readonly ICloudSyncSponsorshipsCommand _syncSponsorshipsCommand;
|
||||||
private readonly ICurrentContext _currentContext;
|
private readonly ICurrentContext _currentContext;
|
||||||
private readonly IUserService _userService;
|
private readonly IUserService _userService;
|
||||||
|
private readonly IPolicyRepository _policyRepository;
|
||||||
|
private readonly IFeatureService _featureService;
|
||||||
|
|
||||||
public OrganizationSponsorshipsController(
|
public OrganizationSponsorshipsController(
|
||||||
IOrganizationSponsorshipRepository organizationSponsorshipRepository,
|
IOrganizationSponsorshipRepository organizationSponsorshipRepository,
|
||||||
@ -45,7 +50,9 @@ public class OrganizationSponsorshipsController : Controller
|
|||||||
IRemoveSponsorshipCommand removeSponsorshipCommand,
|
IRemoveSponsorshipCommand removeSponsorshipCommand,
|
||||||
ICloudSyncSponsorshipsCommand syncSponsorshipsCommand,
|
ICloudSyncSponsorshipsCommand syncSponsorshipsCommand,
|
||||||
IUserService userService,
|
IUserService userService,
|
||||||
ICurrentContext currentContext)
|
ICurrentContext currentContext,
|
||||||
|
IPolicyRepository policyRepository,
|
||||||
|
IFeatureService featureService)
|
||||||
{
|
{
|
||||||
_organizationSponsorshipRepository = organizationSponsorshipRepository;
|
_organizationSponsorshipRepository = organizationSponsorshipRepository;
|
||||||
_organizationRepository = organizationRepository;
|
_organizationRepository = organizationRepository;
|
||||||
@ -60,6 +67,8 @@ public class OrganizationSponsorshipsController : Controller
|
|||||||
_syncSponsorshipsCommand = syncSponsorshipsCommand;
|
_syncSponsorshipsCommand = syncSponsorshipsCommand;
|
||||||
_userService = userService;
|
_userService = userService;
|
||||||
_currentContext = currentContext;
|
_currentContext = currentContext;
|
||||||
|
_policyRepository = policyRepository;
|
||||||
|
_featureService = featureService;
|
||||||
}
|
}
|
||||||
|
|
||||||
[Authorize("Application")]
|
[Authorize("Application")]
|
||||||
@ -94,9 +103,20 @@ public class OrganizationSponsorshipsController : Controller
|
|||||||
[Authorize("Application")]
|
[Authorize("Application")]
|
||||||
[HttpPost("validate-token")]
|
[HttpPost("validate-token")]
|
||||||
[SelfHosted(NotSelfHostedOnly = true)]
|
[SelfHosted(NotSelfHostedOnly = true)]
|
||||||
public async Task<bool> PreValidateSponsorshipToken([FromQuery] string sponsorshipToken)
|
public async Task<PreValidateSponsorshipResponseModel> PreValidateSponsorshipToken([FromQuery] string sponsorshipToken)
|
||||||
{
|
{
|
||||||
return (await _validateRedemptionTokenCommand.ValidateRedemptionTokenAsync(sponsorshipToken, (await CurrentUser).Email)).valid;
|
var isFreeFamilyPolicyEnabled = false;
|
||||||
|
var (isValid, sponsorship) = await _validateRedemptionTokenCommand.ValidateRedemptionTokenAsync(sponsorshipToken, (await CurrentUser).Email);
|
||||||
|
if (isValid && _featureService.IsEnabled(FeatureFlagKeys.DisableFreeFamiliesSponsorship) && sponsorship.SponsoringOrganizationId.HasValue)
|
||||||
|
{
|
||||||
|
var policy = await _policyRepository.GetByOrganizationIdTypeAsync(sponsorship.SponsoringOrganizationId.Value,
|
||||||
|
PolicyType.FreeFamiliesSponsorshipPolicy);
|
||||||
|
isFreeFamilyPolicyEnabled = policy?.Enabled ?? false;
|
||||||
|
}
|
||||||
|
|
||||||
|
var response = PreValidateSponsorshipResponseModel.From(isValid, isFreeFamilyPolicyEnabled);
|
||||||
|
|
||||||
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
[Authorize("Application")]
|
[Authorize("Application")]
|
||||||
|
@ -23,7 +23,6 @@ using Microsoft.OpenApi.Models;
|
|||||||
using Bit.SharedWeb.Utilities;
|
using Bit.SharedWeb.Utilities;
|
||||||
using Microsoft.AspNetCore.Diagnostics.HealthChecks;
|
using Microsoft.AspNetCore.Diagnostics.HealthChecks;
|
||||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||||
using Bit.Core.Auth.Identity;
|
|
||||||
using Bit.Core.Auth.UserFeatures;
|
using Bit.Core.Auth.UserFeatures;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Bit.Core.Billing.Extensions;
|
using Bit.Core.Billing.Extensions;
|
||||||
@ -32,10 +31,10 @@ using Bit.Core.Tools.Entities;
|
|||||||
using Bit.Core.Vault.Entities;
|
using Bit.Core.Vault.Entities;
|
||||||
using Bit.Api.Auth.Models.Request.WebAuthn;
|
using Bit.Api.Auth.Models.Request.WebAuthn;
|
||||||
using Bit.Core.Auth.Models.Data;
|
using Bit.Core.Auth.Models.Data;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Tools.ReportFeatures;
|
using Bit.Core.Tools.ReportFeatures;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#if !OSS
|
#if !OSS
|
||||||
using Bit.Commercial.Core.SecretsManager;
|
using Bit.Commercial.Core.SecretsManager;
|
||||||
using Bit.Commercial.Core.Utilities;
|
using Bit.Commercial.Core.Utilities;
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
<input asp-for="Email" type="email" class="form-control" placeholder="ex. john@example.com"
|
<input asp-for="Email" type="email" class="form-control" placeholder="ex. john@example.com"
|
||||||
required autofocus>
|
required autofocus>
|
||||||
<span asp-validation-for="Email" class="invalid-feedback"></span>
|
<span asp-validation-for="Email" class="invalid-feedback"></span>
|
||||||
<small class="form-text text-muted">We'll email you a secure login link.</small>
|
<small class="form-text text-body-secondary">We'll email you a secure login link.</small>
|
||||||
</div>
|
</div>
|
||||||
<button class="btn btn-primary btn-block" type="submit">Continue</button>
|
<button class="btn btn-primary btn-block" type="submit">Continue</button>
|
||||||
</form>
|
</form>
|
||||||
|
@ -15,6 +15,7 @@ public enum PolicyType : byte
|
|||||||
DisablePersonalVaultExport = 10,
|
DisablePersonalVaultExport = 10,
|
||||||
ActivateAutofill = 11,
|
ActivateAutofill = 11,
|
||||||
AutomaticAppLogIn = 12,
|
AutomaticAppLogIn = 12,
|
||||||
|
FreeFamiliesSponsorshipPolicy = 13
|
||||||
}
|
}
|
||||||
|
|
||||||
public static class PolicyTypeExtensions
|
public static class PolicyTypeExtensions
|
||||||
@ -40,6 +41,7 @@ public static class PolicyTypeExtensions
|
|||||||
PolicyType.DisablePersonalVaultExport => "Remove individual vault export",
|
PolicyType.DisablePersonalVaultExport => "Remove individual vault export",
|
||||||
PolicyType.ActivateAutofill => "Active auto-fill",
|
PolicyType.ActivateAutofill => "Active auto-fill",
|
||||||
PolicyType.AutomaticAppLogIn => "Automatically log in users for allowed applications",
|
PolicyType.AutomaticAppLogIn => "Automatically log in users for allowed applications",
|
||||||
|
PolicyType.FreeFamiliesSponsorshipPolicy => "Remove Free Bitwarden Families sponsorship"
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,5 +4,5 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interface
|
|||||||
|
|
||||||
public interface IUpdateOrganizationUserGroupsCommand
|
public interface IUpdateOrganizationUserGroupsCommand
|
||||||
{
|
{
|
||||||
Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds, Guid? loggedInUserId);
|
Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds);
|
||||||
}
|
}
|
||||||
|
@ -9,25 +9,18 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
|
|||||||
public class UpdateOrganizationUserGroupsCommand : IUpdateOrganizationUserGroupsCommand
|
public class UpdateOrganizationUserGroupsCommand : IUpdateOrganizationUserGroupsCommand
|
||||||
{
|
{
|
||||||
private readonly IEventService _eventService;
|
private readonly IEventService _eventService;
|
||||||
private readonly IOrganizationService _organizationService;
|
|
||||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||||
|
|
||||||
public UpdateOrganizationUserGroupsCommand(
|
public UpdateOrganizationUserGroupsCommand(
|
||||||
IEventService eventService,
|
IEventService eventService,
|
||||||
IOrganizationService organizationService,
|
|
||||||
IOrganizationUserRepository organizationUserRepository)
|
IOrganizationUserRepository organizationUserRepository)
|
||||||
{
|
{
|
||||||
_eventService = eventService;
|
_eventService = eventService;
|
||||||
_organizationService = organizationService;
|
|
||||||
_organizationUserRepository = organizationUserRepository;
|
_organizationUserRepository = organizationUserRepository;
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds, Guid? loggedInUserId)
|
public async Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds)
|
||||||
{
|
{
|
||||||
if (loggedInUserId.HasValue)
|
|
||||||
{
|
|
||||||
await _organizationService.ValidateOrganizationUserUpdatePermissions(organizationUser.OrganizationId, organizationUser.Type, null, organizationUser.GetPermissions());
|
|
||||||
}
|
|
||||||
await _organizationUserRepository.UpdateGroupsAsync(organizationUser.Id, groupIds);
|
await _organizationUserRepository.UpdateGroupsAsync(organizationUser.Id, groupIds);
|
||||||
await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_UpdatedGroups);
|
await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_UpdatedGroups);
|
||||||
}
|
}
|
||||||
|
@ -18,5 +18,6 @@ public static class PolicyServiceCollectionExtensions
|
|||||||
services.AddScoped<IPolicyValidator, RequireSsoPolicyValidator>();
|
services.AddScoped<IPolicyValidator, RequireSsoPolicyValidator>();
|
||||||
services.AddScoped<IPolicyValidator, ResetPasswordPolicyValidator>();
|
services.AddScoped<IPolicyValidator, ResetPasswordPolicyValidator>();
|
||||||
services.AddScoped<IPolicyValidator, MaximumVaultTimeoutPolicyValidator>();
|
services.AddScoped<IPolicyValidator, MaximumVaultTimeoutPolicyValidator>();
|
||||||
|
services.AddScoped<IPolicyValidator, FreeFamiliesForEnterprisePolicyValidator>();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,46 @@
|
|||||||
|
#nullable enable
|
||||||
|
|
||||||
|
using Bit.Core.AdminConsole.Entities;
|
||||||
|
using Bit.Core.AdminConsole.Enums;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
|
||||||
|
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyValidators;
|
||||||
|
|
||||||
|
public class FreeFamiliesForEnterprisePolicyValidator(
|
||||||
|
IOrganizationSponsorshipRepository organizationSponsorshipRepository,
|
||||||
|
IMailService mailService,
|
||||||
|
IOrganizationRepository organizationRepository)
|
||||||
|
: IPolicyValidator
|
||||||
|
{
|
||||||
|
public PolicyType Type => PolicyType.FreeFamiliesSponsorshipPolicy;
|
||||||
|
public IEnumerable<PolicyType> RequiredPolicies => [];
|
||||||
|
|
||||||
|
public async Task OnSaveSideEffectsAsync(PolicyUpdate policyUpdate, Policy? currentPolicy)
|
||||||
|
{
|
||||||
|
if (currentPolicy is not { Enabled: true } && policyUpdate is { Enabled: true })
|
||||||
|
{
|
||||||
|
await NotifiesUserWithApplicablePoliciesAsync(policyUpdate);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task NotifiesUserWithApplicablePoliciesAsync(PolicyUpdate policy)
|
||||||
|
{
|
||||||
|
var organizationSponsorships = (await organizationSponsorshipRepository.GetManyBySponsoringOrganizationAsync(policy.OrganizationId))
|
||||||
|
.Where(p => p.SponsoredOrganizationId is not null)
|
||||||
|
.ToList();
|
||||||
|
|
||||||
|
var organization = await organizationRepository.GetByIdAsync(policy.OrganizationId);
|
||||||
|
var organizationName = organization?.Name;
|
||||||
|
|
||||||
|
foreach (var org in organizationSponsorships)
|
||||||
|
{
|
||||||
|
var offerAcceptanceDate = org.ValidUntil!.Value.AddDays(-7).ToString("MM/dd/yyyy");
|
||||||
|
await mailService.SendFamiliesForEnterpriseRemoveSponsorshipsEmailAsync(org.FriendlyName, offerAcceptanceDate,
|
||||||
|
org.SponsoredOrganizationId.ToString(), organizationName);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public Task<string> ValidateAsync(PolicyUpdate policyUpdate, Policy? currentPolicy) => Task.FromResult("");
|
||||||
|
}
|
@ -1,86 +0,0 @@
|
|||||||
using Bit.Core.Auth.Enums;
|
|
||||||
using Bit.Core.Auth.Models;
|
|
||||||
using Bit.Core.Auth.Utilities.Duo;
|
|
||||||
using Bit.Core.Entities;
|
|
||||||
using Bit.Core.Services;
|
|
||||||
using Bit.Core.Settings;
|
|
||||||
using Microsoft.AspNetCore.Identity;
|
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
|
||||||
|
|
||||||
public class DuoWebTokenProvider : IUserTwoFactorTokenProvider<User>
|
|
||||||
{
|
|
||||||
private readonly IServiceProvider _serviceProvider;
|
|
||||||
private readonly GlobalSettings _globalSettings;
|
|
||||||
|
|
||||||
public DuoWebTokenProvider(
|
|
||||||
IServiceProvider serviceProvider,
|
|
||||||
GlobalSettings globalSettings)
|
|
||||||
{
|
|
||||||
_serviceProvider = serviceProvider;
|
|
||||||
_globalSettings = globalSettings;
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
|
||||||
{
|
|
||||||
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
|
||||||
if (!(await userService.CanAccessPremium(user)))
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
|
||||||
{
|
|
||||||
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
|
||||||
if (!(await userService.CanAccessPremium(user)))
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var signatureRequest = DuoWeb.SignRequest((string)provider.MetaData["IKey"],
|
|
||||||
(string)provider.MetaData["SKey"], _globalSettings.Duo.AKey, user.Email);
|
|
||||||
return signatureRequest;
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
|
||||||
{
|
|
||||||
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
|
||||||
if (!(await userService.CanAccessPremium(user)))
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
var response = DuoWeb.VerifyResponse((string)provider.MetaData["IKey"], (string)provider.MetaData["SKey"],
|
|
||||||
_globalSettings.Duo.AKey, token);
|
|
||||||
|
|
||||||
return response == user.Email;
|
|
||||||
}
|
|
||||||
|
|
||||||
private bool HasProperMetaData(TwoFactorProvider provider)
|
|
||||||
{
|
|
||||||
return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
|
|
||||||
provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,76 +0,0 @@
|
|||||||
using Bit.Core.AdminConsole.Entities;
|
|
||||||
using Bit.Core.Auth.Enums;
|
|
||||||
using Bit.Core.Auth.Models;
|
|
||||||
using Bit.Core.Auth.Utilities.Duo;
|
|
||||||
using Bit.Core.Entities;
|
|
||||||
using Bit.Core.Settings;
|
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
|
||||||
|
|
||||||
public interface IOrganizationDuoWebTokenProvider : IOrganizationTwoFactorTokenProvider { }
|
|
||||||
|
|
||||||
public class OrganizationDuoWebTokenProvider : IOrganizationDuoWebTokenProvider
|
|
||||||
{
|
|
||||||
private readonly GlobalSettings _globalSettings;
|
|
||||||
|
|
||||||
public OrganizationDuoWebTokenProvider(GlobalSettings globalSettings)
|
|
||||||
{
|
|
||||||
_globalSettings = globalSettings;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Task<bool> CanGenerateTwoFactorTokenAsync(Organization organization)
|
|
||||||
{
|
|
||||||
if (organization == null || !organization.Enabled || !organization.Use2fa)
|
|
||||||
{
|
|
||||||
return Task.FromResult(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
|
||||||
var canGenerate = organization.TwoFactorProviderIsEnabled(TwoFactorProviderType.OrganizationDuo)
|
|
||||||
&& HasProperMetaData(provider);
|
|
||||||
return Task.FromResult(canGenerate);
|
|
||||||
}
|
|
||||||
|
|
||||||
public Task<string> GenerateAsync(Organization organization, User user)
|
|
||||||
{
|
|
||||||
if (organization == null || !organization.Enabled || !organization.Use2fa)
|
|
||||||
{
|
|
||||||
return Task.FromResult<string>(null);
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
return Task.FromResult<string>(null);
|
|
||||||
}
|
|
||||||
|
|
||||||
var signatureRequest = DuoWeb.SignRequest(provider.MetaData["IKey"].ToString(),
|
|
||||||
provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, user.Email);
|
|
||||||
return Task.FromResult(signatureRequest);
|
|
||||||
}
|
|
||||||
|
|
||||||
public Task<bool> ValidateAsync(string token, Organization organization, User user)
|
|
||||||
{
|
|
||||||
if (organization == null || !organization.Enabled || !organization.Use2fa)
|
|
||||||
{
|
|
||||||
return Task.FromResult(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
return Task.FromResult(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
var response = DuoWeb.VerifyResponse(provider.MetaData["IKey"].ToString(),
|
|
||||||
provider.MetaData["SKey"].ToString(), _globalSettings.Duo.AKey, token);
|
|
||||||
|
|
||||||
return Task.FromResult(response == user.Email);
|
|
||||||
}
|
|
||||||
|
|
||||||
private bool HasProperMetaData(TwoFactorProvider provider)
|
|
||||||
{
|
|
||||||
return provider?.MetaData != null && provider.MetaData.ContainsKey("IKey") &&
|
|
||||||
provider.MetaData.ContainsKey("SKey") && provider.MetaData.ContainsKey("Host");
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,172 +0,0 @@
|
|||||||
using Bit.Core.Auth.Models;
|
|
||||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
|
||||||
using Bit.Core.Context;
|
|
||||||
using Bit.Core.Entities;
|
|
||||||
using Bit.Core.Settings;
|
|
||||||
using Bit.Core.Tokens;
|
|
||||||
using Microsoft.Extensions.Logging;
|
|
||||||
using Duo = DuoUniversal;
|
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
|
||||||
|
|
||||||
/*
|
|
||||||
PM-5156 addresses tech debt
|
|
||||||
Interface to allow for DI, will end up being removed as part of the removal of the old Duo SDK v2 flows.
|
|
||||||
This service is to support SDK v4 flows for Duo. At some time in the future we will need
|
|
||||||
to combine this service with the DuoWebTokenProvider and OrganizationDuoWebTokenProvider to support SDK v4.
|
|
||||||
*/
|
|
||||||
public interface ITemporaryDuoWebV4SDKService
|
|
||||||
{
|
|
||||||
Task<string> GenerateAsync(TwoFactorProvider provider, User user);
|
|
||||||
Task<bool> ValidateAsync(string token, TwoFactorProvider provider, User user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public class TemporaryDuoWebV4SDKService : ITemporaryDuoWebV4SDKService
|
|
||||||
{
|
|
||||||
private readonly ICurrentContext _currentContext;
|
|
||||||
private readonly GlobalSettings _globalSettings;
|
|
||||||
private readonly IDataProtectorTokenFactory<DuoUserStateTokenable> _tokenDataFactory;
|
|
||||||
private readonly ILogger<TemporaryDuoWebV4SDKService> _logger;
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Constructor for the DuoUniversalPromptService. Used to supplement v2 implementation of Duo with v4 SDK
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="currentContext">used to fetch initiating Client</param>
|
|
||||||
/// <param name="globalSettings">used to fetch vault URL for Redirect URL</param>
|
|
||||||
public TemporaryDuoWebV4SDKService(
|
|
||||||
ICurrentContext currentContext,
|
|
||||||
GlobalSettings globalSettings,
|
|
||||||
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
|
||||||
ILogger<TemporaryDuoWebV4SDKService> logger)
|
|
||||||
{
|
|
||||||
_currentContext = currentContext;
|
|
||||||
_globalSettings = globalSettings;
|
|
||||||
_tokenDataFactory = tokenDataFactory;
|
|
||||||
_logger = logger;
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Provider agnostic (either Duo or OrganizationDuo) method to generate a Duo Auth URL
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="provider">Either Duo or OrganizationDuo</param>
|
|
||||||
/// <param name="user">self</param>
|
|
||||||
/// <returns>AuthUrl for DUO SDK v4</returns>
|
|
||||||
public async Task<string> GenerateAsync(TwoFactorProvider provider, User user)
|
|
||||||
{
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
if (!HasProperMetaData_SDKV2(provider))
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
var duoClient = await BuildDuoClientAsync(provider);
|
|
||||||
if (duoClient == null)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var state = _tokenDataFactory.Protect(new DuoUserStateTokenable(user));
|
|
||||||
var authUrl = duoClient.GenerateAuthUri(user.Email, state);
|
|
||||||
|
|
||||||
return authUrl;
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Validates Duo SDK v4 response
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="token">response form Duo</param>
|
|
||||||
/// <param name="provider">TwoFactorProviderType Duo or OrganizationDuo</param>
|
|
||||||
/// <param name="user">self</param>
|
|
||||||
/// <returns>true or false depending on result of verification</returns>
|
|
||||||
public async Task<bool> ValidateAsync(string token, TwoFactorProvider provider, User user)
|
|
||||||
{
|
|
||||||
if (!HasProperMetaData(provider))
|
|
||||||
{
|
|
||||||
if (!HasProperMetaData_SDKV2(provider))
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var duoClient = await BuildDuoClientAsync(provider);
|
|
||||||
if (duoClient == null)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
var parts = token.Split("|");
|
|
||||||
var authCode = parts[0];
|
|
||||||
var state = parts[1];
|
|
||||||
|
|
||||||
_tokenDataFactory.TryUnprotect(state, out var tokenable);
|
|
||||||
if (!tokenable.Valid || !tokenable.TokenIsValid(user))
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// duoClient compares the email from the received IdToken with user.Email to verify a bad actor hasn't used
|
|
||||||
// their authCode with a victims credentials
|
|
||||||
var res = await duoClient.ExchangeAuthorizationCodeFor2faResult(authCode, user.Email);
|
|
||||||
// If the result of the exchange doesn't throw an exception and it's not null, then it's valid
|
|
||||||
return res.AuthResult.Result == "allow";
|
|
||||||
}
|
|
||||||
|
|
||||||
private bool HasProperMetaData(TwoFactorProvider provider)
|
|
||||||
{
|
|
||||||
return provider?.MetaData != null && provider.MetaData.ContainsKey("ClientId") &&
|
|
||||||
provider.MetaData.ContainsKey("ClientSecret") && provider.MetaData.ContainsKey("Host");
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Checks if the metadata for SDK V2 is present.
|
|
||||||
/// Transitional method to support Duo during v4 database rename
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="provider">The TwoFactorProvider object to check.</param>
|
|
||||||
/// <returns>True if the provider has the proper metadata; otherwise, false.</returns>
|
|
||||||
private bool HasProperMetaData_SDKV2(TwoFactorProvider provider)
|
|
||||||
{
|
|
||||||
if (provider?.MetaData != null &&
|
|
||||||
provider.MetaData.TryGetValue("IKey", out var iKey) &&
|
|
||||||
provider.MetaData.TryGetValue("SKey", out var sKey) &&
|
|
||||||
provider.MetaData.ContainsKey("Host"))
|
|
||||||
{
|
|
||||||
provider.MetaData.Add("ClientId", iKey);
|
|
||||||
provider.MetaData.Add("ClientSecret", sKey);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Generates a Duo.Client object for use with Duo SDK v4. This combines the health check and the client generation
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="provider">TwoFactorProvider Duo or OrganizationDuo</param>
|
|
||||||
/// <returns>Duo.Client object or null</returns>
|
|
||||||
private async Task<Duo.Client> BuildDuoClientAsync(TwoFactorProvider provider)
|
|
||||||
{
|
|
||||||
// Fetch Client name from header value since duo auth can be initiated from multiple clients and we want
|
|
||||||
// to redirect back to the initiating client
|
|
||||||
_currentContext.HttpContext.Request.Headers.TryGetValue("Bitwarden-Client-Name", out var bitwardenClientName);
|
|
||||||
var redirectUri = string.Format("{0}/duo-redirect-connector.html?client={1}",
|
|
||||||
_globalSettings.BaseServiceUri.Vault, bitwardenClientName.FirstOrDefault() ?? "web");
|
|
||||||
|
|
||||||
var client = new Duo.ClientBuilder(
|
|
||||||
(string)provider.MetaData["ClientId"],
|
|
||||||
(string)provider.MetaData["ClientSecret"],
|
|
||||||
(string)provider.MetaData["Host"],
|
|
||||||
redirectUri).Build();
|
|
||||||
|
|
||||||
if (!await client.DoHealthCheck(true))
|
|
||||||
{
|
|
||||||
_logger.LogError("Unable to connect to Duo. Health check failed.");
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return client;
|
|
||||||
}
|
|
||||||
}
|
|
@ -6,7 +6,7 @@ using Microsoft.Extensions.Caching.Distributed;
|
|||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using OtpNet;
|
using OtpNet;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public class AuthenticatorTokenProvider : IUserTwoFactorTokenProvider<User>
|
public class AuthenticatorTokenProvider : IUserTwoFactorTokenProvider<User>
|
||||||
{
|
{
|
@ -0,0 +1,102 @@
|
|||||||
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Auth.Models;
|
||||||
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Tokens;
|
||||||
|
using Microsoft.AspNetCore.Identity;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Duo = DuoUniversal;
|
||||||
|
|
||||||
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
|
public class DuoUniversalTokenProvider(
|
||||||
|
IServiceProvider serviceProvider,
|
||||||
|
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
||||||
|
IDuoUniversalTokenService duoUniversalTokenService) : IUserTwoFactorTokenProvider<User>
|
||||||
|
{
|
||||||
|
/// <summary>
|
||||||
|
/// We need the IServiceProvider to resolve the IUserService. There is a complex dependency dance
|
||||||
|
/// occurring between IUserService, which extends the UserManager<User>, and the usage of the
|
||||||
|
/// UserManager<User> within this class. Trying to resolve the IUserService using the DI pipeline
|
||||||
|
/// will not allow the server to start and it will hang and give no helpful indication as to the problem.
|
||||||
|
/// </summary>
|
||||||
|
private readonly IServiceProvider _serviceProvider = serviceProvider;
|
||||||
|
private readonly IDataProtectorTokenFactory<DuoUserStateTokenable> _tokenDataFactory = tokenDataFactory;
|
||||||
|
private readonly IDuoUniversalTokenService _duoUniversalTokenService = duoUniversalTokenService;
|
||||||
|
|
||||||
|
public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
|
{
|
||||||
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
||||||
|
var provider = await GetDuoTwoFactorProvider(user, userService);
|
||||||
|
if (provider == null)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return await userService.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType.Duo, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<string> GenerateAsync(string purpose, UserManager<User> manager, User user)
|
||||||
|
{
|
||||||
|
var duoClient = await GetDuoClientAsync(user);
|
||||||
|
if (duoClient == null)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return _duoUniversalTokenService.GenerateAuthUrl(duoClient, _tokenDataFactory, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
||||||
|
{
|
||||||
|
var duoClient = await GetDuoClientAsync(user);
|
||||||
|
if (duoClient == null)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return await _duoUniversalTokenService.RequestDuoValidationAsync(duoClient, _tokenDataFactory, user, token);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Get the Duo Two Factor Provider for the user if they have access to Duo
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="user">Active User</param>
|
||||||
|
/// <returns>null or Duo TwoFactorProvider</returns>
|
||||||
|
private async Task<TwoFactorProvider> GetDuoTwoFactorProvider(User user, IUserService userService)
|
||||||
|
{
|
||||||
|
if (!await userService.CanAccessPremium(user))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
||||||
|
if (!_duoUniversalTokenService.HasProperDuoMetadata(provider))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return provider;
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Uses the User to fetch a valid TwoFactorProvider and use it to create a Duo.Client
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="user">active user</param>
|
||||||
|
/// <returns>null or Duo TwoFactorProvider</returns>
|
||||||
|
private async Task<Duo.Client> GetDuoClientAsync(User user)
|
||||||
|
{
|
||||||
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
||||||
|
var provider = await GetDuoTwoFactorProvider(user, userService);
|
||||||
|
if (provider == null)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
var duoClient = await _duoUniversalTokenService.BuildDuoTwoFactorClientAsync(provider);
|
||||||
|
if (duoClient == null)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return duoClient;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,177 @@
|
|||||||
|
using Bit.Core.Auth.Models;
|
||||||
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Settings;
|
||||||
|
using Bit.Core.Tokens;
|
||||||
|
using Duo = DuoUniversal;
|
||||||
|
|
||||||
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// OrganizationDuo and Duo TwoFactorProviderTypes both use the same flows so both of those Token Providers will
|
||||||
|
/// have this class injected to utilize these methods
|
||||||
|
/// </summary>
|
||||||
|
public interface IDuoUniversalTokenService
|
||||||
|
{
|
||||||
|
/// <summary>
|
||||||
|
/// Generates the Duo Auth URL for the user to be redirected to Duo for 2FA. This
|
||||||
|
/// Auth URL also lets the Duo Service know where to redirect the user back to after
|
||||||
|
/// the 2FA process is complete.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="duoClient">A not null valid Duo.Client</param>
|
||||||
|
/// <param name="tokenDataFactory">This service creates the state token for added security</param>
|
||||||
|
/// <param name="user">currently active user</param>
|
||||||
|
/// <returns>a URL in string format</returns>
|
||||||
|
string GenerateAuthUrl(
|
||||||
|
Duo.Client duoClient,
|
||||||
|
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
||||||
|
User user);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Makes the request to Duo to validate the authCode and state token
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="duoClient">A not null valid Duo.Client</param>
|
||||||
|
/// <param name="tokenDataFactory">Factory for decrypting the state</param>
|
||||||
|
/// <param name="user">self</param>
|
||||||
|
/// <param name="token">token received from the client</param>
|
||||||
|
/// <returns>boolean based on result from Duo</returns>
|
||||||
|
Task<bool> RequestDuoValidationAsync(
|
||||||
|
Duo.Client duoClient,
|
||||||
|
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
||||||
|
User user,
|
||||||
|
string token);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Generates a Duo.Client object for use with Duo SDK v4. This method is to validate a Duo configuration
|
||||||
|
/// when adding or updating the configuration. This method makes a web request to Duo to verify the configuration.
|
||||||
|
/// Throws exception if configuration is invalid.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="clientSecret">Duo client Secret</param>
|
||||||
|
/// <param name="clientId">Duo client Id</param>
|
||||||
|
/// <param name="host">Duo host</param>
|
||||||
|
/// <returns>Boolean</returns>
|
||||||
|
Task<bool> ValidateDuoConfiguration(string clientSecret, string clientId, string host);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Checks provider for the correct Duo metadata: ClientId, ClientSecret, and Host. Does no validation on the data.
|
||||||
|
/// it is assumed to be correct. The only way to have the data written to the Database is after verification
|
||||||
|
/// occurs.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="provider">Host being checked for proper data</param>
|
||||||
|
/// <returns>true if all three are present; false if one is missing or the host is incorrect</returns>
|
||||||
|
bool HasProperDuoMetadata(TwoFactorProvider provider);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Generates a Duo.Client object for use with Duo SDK v4. This combines the health check and the client generation.
|
||||||
|
/// This method is made public so that it is easier to test. If the method was private then there would not be an
|
||||||
|
/// easy way to mock the response. Since this makes a web request it is difficult to mock.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="provider">TwoFactorProvider Duo or OrganizationDuo</param>
|
||||||
|
/// <returns>Duo.Client object or null</returns>
|
||||||
|
Task<Duo.Client> BuildDuoTwoFactorClientAsync(TwoFactorProvider provider);
|
||||||
|
}
|
||||||
|
|
||||||
|
public class DuoUniversalTokenService(
|
||||||
|
ICurrentContext currentContext,
|
||||||
|
GlobalSettings globalSettings) : IDuoUniversalTokenService
|
||||||
|
{
|
||||||
|
private readonly ICurrentContext _currentContext = currentContext;
|
||||||
|
private readonly GlobalSettings _globalSettings = globalSettings;
|
||||||
|
|
||||||
|
public string GenerateAuthUrl(
|
||||||
|
Duo.Client duoClient,
|
||||||
|
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
||||||
|
User user)
|
||||||
|
{
|
||||||
|
var state = tokenDataFactory.Protect(new DuoUserStateTokenable(user));
|
||||||
|
var authUrl = duoClient.GenerateAuthUri(user.Email, state);
|
||||||
|
|
||||||
|
return authUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<bool> RequestDuoValidationAsync(
|
||||||
|
Duo.Client duoClient,
|
||||||
|
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
||||||
|
User user,
|
||||||
|
string token)
|
||||||
|
{
|
||||||
|
var parts = token.Split("|");
|
||||||
|
var authCode = parts[0];
|
||||||
|
var state = parts[1];
|
||||||
|
tokenDataFactory.TryUnprotect(state, out var tokenable);
|
||||||
|
if (!tokenable.Valid || !tokenable.TokenIsValid(user))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// duoClient compares the email from the received IdToken with user.Email to verify a bad actor hasn't used
|
||||||
|
// their authCode with a victims credentials
|
||||||
|
var res = await duoClient.ExchangeAuthorizationCodeFor2faResult(authCode, user.Email);
|
||||||
|
// If the result of the exchange doesn't throw an exception and it's not null, then it's valid
|
||||||
|
return res.AuthResult.Result == "allow";
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<bool> ValidateDuoConfiguration(string clientSecret, string clientId, string host)
|
||||||
|
{
|
||||||
|
// Do some simple checks to ensure data integrity
|
||||||
|
if (!ValidDuoHost(host) ||
|
||||||
|
string.IsNullOrWhiteSpace(clientSecret) ||
|
||||||
|
string.IsNullOrWhiteSpace(clientId))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
// The AuthURI is not important for this health check so we pass in a non-empty string
|
||||||
|
var client = new Duo.ClientBuilder(clientId, clientSecret, host, "non-empty").Build();
|
||||||
|
|
||||||
|
// This could throw an exception, the false flag will allow the exception to bubble up
|
||||||
|
return await client.DoHealthCheck(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
public bool HasProperDuoMetadata(TwoFactorProvider provider)
|
||||||
|
{
|
||||||
|
return provider?.MetaData != null &&
|
||||||
|
provider.MetaData.ContainsKey("ClientId") &&
|
||||||
|
provider.MetaData.ContainsKey("ClientSecret") &&
|
||||||
|
provider.MetaData.ContainsKey("Host") &&
|
||||||
|
ValidDuoHost((string)provider.MetaData["Host"]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Checks the host string to make sure it meets Duo's Guidelines before attempting to create a Duo.Client.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="host">string representing the Duo Host</param>
|
||||||
|
/// <returns>true if the host is valid false otherwise</returns>
|
||||||
|
public static bool ValidDuoHost(string host)
|
||||||
|
{
|
||||||
|
if (Uri.TryCreate($"https://{host}", UriKind.Absolute, out var uri))
|
||||||
|
{
|
||||||
|
return (string.IsNullOrWhiteSpace(uri.PathAndQuery) || uri.PathAndQuery == "/") &&
|
||||||
|
uri.Host.StartsWith("api-") &&
|
||||||
|
(uri.Host.EndsWith(".duosecurity.com") || uri.Host.EndsWith(".duofederal.com"));
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<Duo.Client> BuildDuoTwoFactorClientAsync(TwoFactorProvider provider)
|
||||||
|
{
|
||||||
|
// Fetch Client name from header value since duo auth can be initiated from multiple clients and we want
|
||||||
|
// to redirect back to the initiating client
|
||||||
|
_currentContext.HttpContext.Request.Headers.TryGetValue("Bitwarden-Client-Name", out var bitwardenClientName);
|
||||||
|
var redirectUri = string.Format("{0}/duo-redirect-connector.html?client={1}",
|
||||||
|
_globalSettings.BaseServiceUri.Vault, bitwardenClientName.FirstOrDefault() ?? "web");
|
||||||
|
|
||||||
|
var client = new Duo.ClientBuilder(
|
||||||
|
(string)provider.MetaData["ClientId"],
|
||||||
|
(string)provider.MetaData["ClientSecret"],
|
||||||
|
(string)provider.MetaData["Host"],
|
||||||
|
redirectUri).Build();
|
||||||
|
|
||||||
|
if (!await client.DoHealthCheck(false))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return client;
|
||||||
|
}
|
||||||
|
}
|
@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Identity;
|
|||||||
using Microsoft.Extensions.Caching.Distributed;
|
using Microsoft.Extensions.Caching.Distributed;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public class EmailTokenProvider : IUserTwoFactorTokenProvider<User>
|
public class EmailTokenProvider : IUserTwoFactorTokenProvider<User>
|
||||||
{
|
{
|
@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Identity;
|
|||||||
using Microsoft.Extensions.Caching.Distributed;
|
using Microsoft.Extensions.Caching.Distributed;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public class EmailTwoFactorTokenProvider : EmailTokenProvider
|
public class EmailTwoFactorTokenProvider : EmailTokenProvider
|
||||||
{
|
{
|
@ -1,7 +1,7 @@
|
|||||||
using Bit.Core.AdminConsole.Entities;
|
using Bit.Core.AdminConsole.Entities;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public interface IOrganizationTwoFactorTokenProvider
|
public interface IOrganizationTwoFactorTokenProvider
|
||||||
{
|
{
|
@ -0,0 +1,81 @@
|
|||||||
|
using Bit.Core.AdminConsole.Entities;
|
||||||
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Auth.Models;
|
||||||
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Tokens;
|
||||||
|
using Duo = DuoUniversal;
|
||||||
|
|
||||||
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
|
public interface IOrganizationDuoUniversalTokenProvider : IOrganizationTwoFactorTokenProvider { }
|
||||||
|
|
||||||
|
public class OrganizationDuoUniversalTokenProvider(
|
||||||
|
IDataProtectorTokenFactory<DuoUserStateTokenable> tokenDataFactory,
|
||||||
|
IDuoUniversalTokenService duoUniversalTokenService) : IOrganizationDuoUniversalTokenProvider
|
||||||
|
{
|
||||||
|
private readonly IDataProtectorTokenFactory<DuoUserStateTokenable> _tokenDataFactory = tokenDataFactory;
|
||||||
|
private readonly IDuoUniversalTokenService _duoUniversalTokenService = duoUniversalTokenService;
|
||||||
|
|
||||||
|
public Task<bool> CanGenerateTwoFactorTokenAsync(Organization organization)
|
||||||
|
{
|
||||||
|
var provider = GetDuoTwoFactorProvider(organization);
|
||||||
|
if (provider != null && provider.Enabled)
|
||||||
|
{
|
||||||
|
return Task.FromResult(true);
|
||||||
|
}
|
||||||
|
return Task.FromResult(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<string> GenerateAsync(Organization organization, User user)
|
||||||
|
{
|
||||||
|
var duoClient = await GetDuoClientAsync(organization);
|
||||||
|
if (duoClient == null)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return _duoUniversalTokenService.GenerateAuthUrl(duoClient, _tokenDataFactory, user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public async Task<bool> ValidateAsync(string token, Organization organization, User user)
|
||||||
|
{
|
||||||
|
var duoClient = await GetDuoClientAsync(organization);
|
||||||
|
if (duoClient == null)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return await _duoUniversalTokenService.RequestDuoValidationAsync(duoClient, _tokenDataFactory, user, token);
|
||||||
|
}
|
||||||
|
|
||||||
|
private TwoFactorProvider GetDuoTwoFactorProvider(Organization organization)
|
||||||
|
{
|
||||||
|
if (organization == null || !organization.Enabled || !organization.Use2fa)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
||||||
|
if (!_duoUniversalTokenService.HasProperDuoMetadata(provider))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return provider;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<Duo.Client> GetDuoClientAsync(Organization organization)
|
||||||
|
{
|
||||||
|
var provider = GetDuoTwoFactorProvider(organization);
|
||||||
|
if (provider == null)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
var duoClient = await _duoUniversalTokenService.BuildDuoTwoFactorClientAsync(provider);
|
||||||
|
if (duoClient == null)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return duoClient;
|
||||||
|
}
|
||||||
|
}
|
@ -4,7 +4,7 @@ using Microsoft.AspNetCore.Identity;
|
|||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public class TwoFactorRememberTokenProvider : DataProtectorTokenProvider<User>
|
public class TwoFactorRememberTokenProvider : DataProtectorTokenProvider<User>
|
||||||
{
|
{
|
@ -10,7 +10,7 @@ using Fido2NetLib.Objects;
|
|||||||
using Microsoft.AspNetCore.Identity;
|
using Microsoft.AspNetCore.Identity;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
|
public class WebAuthnTokenProvider : IUserTwoFactorTokenProvider<User>
|
||||||
{
|
{
|
@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Identity;
|
|||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using YubicoDotNetClient;
|
using YubicoDotNetClient;
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Identity;
|
namespace Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
|
||||||
public class YubicoOtpTokenProvider : IUserTwoFactorTokenProvider<User>
|
public class YubicoOtpTokenProvider : IUserTwoFactorTokenProvider<User>
|
||||||
{
|
{
|
||||||
@ -24,7 +24,7 @@ public class YubicoOtpTokenProvider : IUserTwoFactorTokenProvider<User>
|
|||||||
public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
public async Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
||||||
if (!(await userService.CanAccessPremium(user)))
|
if (!await userService.CanAccessPremium(user))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -46,7 +46,7 @@ public class YubicoOtpTokenProvider : IUserTwoFactorTokenProvider<User>
|
|||||||
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<User> manager, User user)
|
||||||
{
|
{
|
||||||
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
var userService = _serviceProvider.GetRequiredService<IUserService>();
|
||||||
if (!(await userService.CanAccessPremium(user)))
|
if (!await userService.CanAccessPremium(user))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
@ -1,277 +0,0 @@
|
|||||||
/*
|
|
||||||
Original source modified from https://github.com/duosecurity/duo_api_csharp
|
|
||||||
|
|
||||||
=============================================================================
|
|
||||||
=============================================================================
|
|
||||||
|
|
||||||
Copyright (c) 2018 Duo Security
|
|
||||||
All rights reserved
|
|
||||||
*/
|
|
||||||
|
|
||||||
using System.Globalization;
|
|
||||||
using System.Net;
|
|
||||||
using System.Security.Cryptography;
|
|
||||||
using System.Text;
|
|
||||||
using System.Text.Json;
|
|
||||||
using System.Text.RegularExpressions;
|
|
||||||
using System.Web;
|
|
||||||
using Bit.Core.Models.Api.Response.Duo;
|
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Utilities;
|
|
||||||
|
|
||||||
public class DuoApi
|
|
||||||
{
|
|
||||||
private const string UrlScheme = "https";
|
|
||||||
private const string UserAgent = "Bitwarden_DuoAPICSharp/1.0 (.NET Core)";
|
|
||||||
|
|
||||||
private readonly string _host;
|
|
||||||
private readonly string _ikey;
|
|
||||||
private readonly string _skey;
|
|
||||||
|
|
||||||
private readonly HttpClient _httpClient = new();
|
|
||||||
|
|
||||||
public DuoApi(string ikey, string skey, string host)
|
|
||||||
{
|
|
||||||
_ikey = ikey;
|
|
||||||
_skey = skey;
|
|
||||||
_host = host;
|
|
||||||
|
|
||||||
if (!ValidHost(host))
|
|
||||||
{
|
|
||||||
throw new DuoException("Invalid Duo host configured.", new ArgumentException(nameof(host)));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static bool ValidHost(string host)
|
|
||||||
{
|
|
||||||
if (Uri.TryCreate($"https://{host}", UriKind.Absolute, out var uri))
|
|
||||||
{
|
|
||||||
return (string.IsNullOrWhiteSpace(uri.PathAndQuery) || uri.PathAndQuery == "/") &&
|
|
||||||
uri.Host.StartsWith("api-") &&
|
|
||||||
(uri.Host.EndsWith(".duosecurity.com") || uri.Host.EndsWith(".duofederal.com"));
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static string CanonicalizeParams(Dictionary<string, string> parameters)
|
|
||||||
{
|
|
||||||
var ret = new List<string>();
|
|
||||||
foreach (var pair in parameters)
|
|
||||||
{
|
|
||||||
var p = string.Format("{0}={1}", HttpUtility.UrlEncode(pair.Key), HttpUtility.UrlEncode(pair.Value));
|
|
||||||
// Signatures require upper-case hex digits.
|
|
||||||
p = Regex.Replace(p, "(%[0-9A-Fa-f][0-9A-Fa-f])", c => c.Value.ToUpperInvariant());
|
|
||||||
// Escape only the expected characters.
|
|
||||||
p = Regex.Replace(p, "([!'()*])", c => "%" + Convert.ToByte(c.Value[0]).ToString("X"));
|
|
||||||
p = p.Replace("%7E", "~");
|
|
||||||
// UrlEncode converts space (" ") to "+". The
|
|
||||||
// signature algorithm requires "%20" instead. Actual
|
|
||||||
// + has already been replaced with %2B.
|
|
||||||
p = p.Replace("+", "%20");
|
|
||||||
ret.Add(p);
|
|
||||||
}
|
|
||||||
|
|
||||||
ret.Sort(StringComparer.Ordinal);
|
|
||||||
return string.Join("&", ret.ToArray());
|
|
||||||
}
|
|
||||||
|
|
||||||
protected string CanonicalizeRequest(string method, string path, string canonParams, string date)
|
|
||||||
{
|
|
||||||
string[] lines = {
|
|
||||||
date,
|
|
||||||
method.ToUpperInvariant(),
|
|
||||||
_host.ToLower(),
|
|
||||||
path,
|
|
||||||
canonParams,
|
|
||||||
};
|
|
||||||
return string.Join("\n", lines);
|
|
||||||
}
|
|
||||||
|
|
||||||
public string Sign(string method, string path, string canonParams, string date)
|
|
||||||
{
|
|
||||||
var canon = CanonicalizeRequest(method, path, canonParams, date);
|
|
||||||
var sig = HmacSign(canon);
|
|
||||||
var auth = string.Concat(_ikey, ':', sig);
|
|
||||||
return string.Concat("Basic ", Encode64(auth));
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <param name="timeout">The request timeout, in milliseconds.
|
|
||||||
/// Specify 0 to use the system-default timeout. Use caution if
|
|
||||||
/// you choose to specify a custom timeout - some API
|
|
||||||
/// calls (particularly in the Auth APIs) will not
|
|
||||||
/// return a response until an out-of-band authentication process
|
|
||||||
/// has completed. In some cases, this may take as much as a
|
|
||||||
/// small number of minutes.</param>
|
|
||||||
private async Task<(string result, HttpStatusCode statusCode)> ApiCall(string method, string path, Dictionary<string, string> parameters, int timeout)
|
|
||||||
{
|
|
||||||
if (parameters == null)
|
|
||||||
{
|
|
||||||
parameters = new Dictionary<string, string>();
|
|
||||||
}
|
|
||||||
|
|
||||||
var canonParams = CanonicalizeParams(parameters);
|
|
||||||
var query = string.Empty;
|
|
||||||
if (!method.Equals("POST") && !method.Equals("PUT"))
|
|
||||||
{
|
|
||||||
if (parameters.Count > 0)
|
|
||||||
{
|
|
||||||
query = "?" + canonParams;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
var url = $"{UrlScheme}://{_host}{path}{query}";
|
|
||||||
|
|
||||||
var dateString = RFC822UtcNow();
|
|
||||||
var auth = Sign(method, path, canonParams, dateString);
|
|
||||||
|
|
||||||
var request = new HttpRequestMessage
|
|
||||||
{
|
|
||||||
Method = new HttpMethod(method),
|
|
||||||
RequestUri = new Uri(url),
|
|
||||||
};
|
|
||||||
request.Headers.Add("Authorization", auth);
|
|
||||||
request.Headers.Add("X-Duo-Date", dateString);
|
|
||||||
request.Headers.UserAgent.ParseAdd(UserAgent);
|
|
||||||
|
|
||||||
if (timeout > 0)
|
|
||||||
{
|
|
||||||
_httpClient.Timeout = TimeSpan.FromMilliseconds(timeout);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (method.Equals("POST") || method.Equals("PUT"))
|
|
||||||
{
|
|
||||||
request.Content = new StringContent(canonParams, Encoding.UTF8, "application/x-www-form-urlencoded");
|
|
||||||
}
|
|
||||||
|
|
||||||
var response = await _httpClient.SendAsync(request);
|
|
||||||
var result = await response.Content.ReadAsStringAsync();
|
|
||||||
var statusCode = response.StatusCode;
|
|
||||||
return (result, statusCode);
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task<Response> JSONApiCall(string method, string path, Dictionary<string, string> parameters = null)
|
|
||||||
{
|
|
||||||
return await JSONApiCall(method, path, parameters, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <param name="timeout">The request timeout, in milliseconds.
|
|
||||||
/// Specify 0 to use the system-default timeout. Use caution if
|
|
||||||
/// you choose to specify a custom timeout - some API
|
|
||||||
/// calls (particularly in the Auth APIs) will not
|
|
||||||
/// return a response until an out-of-band authentication process
|
|
||||||
/// has completed. In some cases, this may take as much as a
|
|
||||||
/// small number of minutes.</param>
|
|
||||||
private async Task<Response> JSONApiCall(string method, string path, Dictionary<string, string> parameters, int timeout)
|
|
||||||
{
|
|
||||||
var (res, statusCode) = await ApiCall(method, path, parameters, timeout);
|
|
||||||
try
|
|
||||||
{
|
|
||||||
var obj = JsonSerializer.Deserialize<DuoResponseModel>(res);
|
|
||||||
if (obj.Stat == "OK")
|
|
||||||
{
|
|
||||||
return obj.Response;
|
|
||||||
}
|
|
||||||
|
|
||||||
throw new ApiException(obj.Code ?? 0, (int)statusCode, obj.Message, obj.MessageDetail);
|
|
||||||
}
|
|
||||||
catch (ApiException)
|
|
||||||
{
|
|
||||||
throw;
|
|
||||||
}
|
|
||||||
catch (Exception e)
|
|
||||||
{
|
|
||||||
throw new BadResponseException((int)statusCode, e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private int? ToNullableInt(string s)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
if (int.TryParse(s, out i))
|
|
||||||
{
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
private string HmacSign(string data)
|
|
||||||
{
|
|
||||||
var keyBytes = Encoding.ASCII.GetBytes(_skey);
|
|
||||||
var dataBytes = Encoding.ASCII.GetBytes(data);
|
|
||||||
|
|
||||||
using (var hmac = new HMACSHA1(keyBytes))
|
|
||||||
{
|
|
||||||
var hash = hmac.ComputeHash(dataBytes);
|
|
||||||
var hex = BitConverter.ToString(hash);
|
|
||||||
return hex.Replace("-", string.Empty).ToLower();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string Encode64(string plaintext)
|
|
||||||
{
|
|
||||||
var plaintextBytes = Encoding.ASCII.GetBytes(plaintext);
|
|
||||||
return Convert.ToBase64String(plaintextBytes);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string RFC822UtcNow()
|
|
||||||
{
|
|
||||||
// Can't use the "zzzz" format because it adds a ":"
|
|
||||||
// between the offset's hours and minutes.
|
|
||||||
var dateString = DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss", CultureInfo.InvariantCulture);
|
|
||||||
var offset = 0;
|
|
||||||
var zone = "+" + offset.ToString(CultureInfo.InvariantCulture).PadLeft(2, '0');
|
|
||||||
dateString += " " + zone.PadRight(5, '0');
|
|
||||||
return dateString;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public class DuoException : Exception
|
|
||||||
{
|
|
||||||
public int HttpStatus { get; private set; }
|
|
||||||
|
|
||||||
public DuoException(string message, Exception inner)
|
|
||||||
: base(message, inner)
|
|
||||||
{ }
|
|
||||||
|
|
||||||
public DuoException(int httpStatus, string message, Exception inner)
|
|
||||||
: base(message, inner)
|
|
||||||
{
|
|
||||||
HttpStatus = httpStatus;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public class ApiException : DuoException
|
|
||||||
{
|
|
||||||
public int Code { get; private set; }
|
|
||||||
public string ApiMessage { get; private set; }
|
|
||||||
public string ApiMessageDetail { get; private set; }
|
|
||||||
|
|
||||||
public ApiException(int code, int httpStatus, string apiMessage, string apiMessageDetail)
|
|
||||||
: base(httpStatus, FormatMessage(code, apiMessage, apiMessageDetail), null)
|
|
||||||
{
|
|
||||||
Code = code;
|
|
||||||
ApiMessage = apiMessage;
|
|
||||||
ApiMessageDetail = apiMessageDetail;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string FormatMessage(int code, string apiMessage, string apiMessageDetail)
|
|
||||||
{
|
|
||||||
return string.Format("Duo API Error {0}: '{1}' ('{2}')", code, apiMessage, apiMessageDetail);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public class BadResponseException : DuoException
|
|
||||||
{
|
|
||||||
public BadResponseException(int httpStatus, Exception inner)
|
|
||||||
: base(httpStatus, FormatMessage(httpStatus, inner), inner)
|
|
||||||
{ }
|
|
||||||
|
|
||||||
private static string FormatMessage(int httpStatus, Exception inner)
|
|
||||||
{
|
|
||||||
var innerMessage = "(null)";
|
|
||||||
if (inner != null)
|
|
||||||
{
|
|
||||||
innerMessage = string.Format("'{0}'", inner.Message);
|
|
||||||
}
|
|
||||||
return string.Format("Got error {0} with HTTP Status {1}", innerMessage, httpStatus);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,240 +0,0 @@
|
|||||||
/*
|
|
||||||
Original source modified from https://github.com/duosecurity/duo_dotnet
|
|
||||||
|
|
||||||
=============================================================================
|
|
||||||
=============================================================================
|
|
||||||
|
|
||||||
ref: https://github.com/duosecurity/duo_dotnet/blob/master/LICENSE
|
|
||||||
|
|
||||||
Copyright (c) 2011, Duo Security, Inc.
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions
|
|
||||||
are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. The name of the author may not be used to endorse or promote products
|
|
||||||
derived from this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
||||||
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
||||||
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
||||||
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
||||||
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
||||||
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
||||||
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
using System.Security.Cryptography;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
namespace Bit.Core.Auth.Utilities.Duo;
|
|
||||||
|
|
||||||
public static class DuoWeb
|
|
||||||
{
|
|
||||||
private const string DuoProfix = "TX";
|
|
||||||
private const string AppPrefix = "APP";
|
|
||||||
private const string AuthPrefix = "AUTH";
|
|
||||||
private const int DuoExpire = 300;
|
|
||||||
private const int AppExpire = 3600;
|
|
||||||
private const int IKeyLength = 20;
|
|
||||||
private const int SKeyLength = 40;
|
|
||||||
private const int AKeyLength = 40;
|
|
||||||
|
|
||||||
public static string ErrorUser = "ERR|The username passed to sign_request() is invalid.";
|
|
||||||
public static string ErrorIKey = "ERR|The Duo integration key passed to sign_request() is invalid.";
|
|
||||||
public static string ErrorSKey = "ERR|The Duo secret key passed to sign_request() is invalid.";
|
|
||||||
public static string ErrorAKey = "ERR|The application secret key passed to sign_request() must be at least " +
|
|
||||||
"40 characters.";
|
|
||||||
public static string ErrorUnknown = "ERR|An unknown error has occurred.";
|
|
||||||
|
|
||||||
// throw on invalid bytes
|
|
||||||
private static Encoding _encoding = new UTF8Encoding(false, true);
|
|
||||||
private static DateTime _epoc = new DateTime(1970, 1, 1);
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Generate a signed request for Duo authentication.
|
|
||||||
/// The returned value should be passed into the Duo.init() call
|
|
||||||
/// in the rendered web page used for Duo authentication.
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="ikey">Duo integration key</param>
|
|
||||||
/// <param name="skey">Duo secret key</param>
|
|
||||||
/// <param name="akey">Application secret key</param>
|
|
||||||
/// <param name="username">Primary-authenticated username</param>
|
|
||||||
/// <param name="currentTime">(optional) The current UTC time</param>
|
|
||||||
/// <returns>signed request</returns>
|
|
||||||
public static string SignRequest(string ikey, string skey, string akey, string username,
|
|
||||||
DateTime? currentTime = null)
|
|
||||||
{
|
|
||||||
string duoSig;
|
|
||||||
string appSig;
|
|
||||||
|
|
||||||
var currentTimeValue = currentTime ?? DateTime.UtcNow;
|
|
||||||
|
|
||||||
if (username == string.Empty)
|
|
||||||
{
|
|
||||||
return ErrorUser;
|
|
||||||
}
|
|
||||||
if (username.Contains("|"))
|
|
||||||
{
|
|
||||||
return ErrorUser;
|
|
||||||
}
|
|
||||||
if (ikey.Length != IKeyLength)
|
|
||||||
{
|
|
||||||
return ErrorIKey;
|
|
||||||
}
|
|
||||||
if (skey.Length != SKeyLength)
|
|
||||||
{
|
|
||||||
return ErrorSKey;
|
|
||||||
}
|
|
||||||
if (akey.Length < AKeyLength)
|
|
||||||
{
|
|
||||||
return ErrorAKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
try
|
|
||||||
{
|
|
||||||
duoSig = SignVals(skey, username, ikey, DuoProfix, DuoExpire, currentTimeValue);
|
|
||||||
appSig = SignVals(akey, username, ikey, AppPrefix, AppExpire, currentTimeValue);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
return ErrorUnknown;
|
|
||||||
}
|
|
||||||
|
|
||||||
return $"{duoSig}:{appSig}";
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Validate the signed response returned from Duo.
|
|
||||||
/// Returns the username of the authenticated user, or null.
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="ikey">Duo integration key</param>
|
|
||||||
/// <param name="skey">Duo secret key</param>
|
|
||||||
/// <param name="akey">Application secret key</param>
|
|
||||||
/// <param name="sigResponse">The signed response POST'ed to the server</param>
|
|
||||||
/// <param name="currentTime">(optional) The current UTC time</param>
|
|
||||||
/// <returns>authenticated username, or null</returns>
|
|
||||||
public static string VerifyResponse(string ikey, string skey, string akey, string sigResponse,
|
|
||||||
DateTime? currentTime = null)
|
|
||||||
{
|
|
||||||
string authUser = null;
|
|
||||||
string appUser = null;
|
|
||||||
var currentTimeValue = currentTime ?? DateTime.UtcNow;
|
|
||||||
|
|
||||||
try
|
|
||||||
{
|
|
||||||
var sigs = sigResponse.Split(':');
|
|
||||||
var authSig = sigs[0];
|
|
||||||
var appSig = sigs[1];
|
|
||||||
|
|
||||||
authUser = ParseVals(skey, authSig, AuthPrefix, ikey, currentTimeValue);
|
|
||||||
appUser = ParseVals(akey, appSig, AppPrefix, ikey, currentTimeValue);
|
|
||||||
}
|
|
||||||
catch
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (authUser != appUser)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return authUser;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string SignVals(string key, string username, string ikey, string prefix, long expire,
|
|
||||||
DateTime currentTime)
|
|
||||||
{
|
|
||||||
var ts = (long)(currentTime - _epoc).TotalSeconds;
|
|
||||||
expire = ts + expire;
|
|
||||||
var val = $"{username}|{ikey}|{expire.ToString()}";
|
|
||||||
var cookie = $"{prefix}|{Encode64(val)}";
|
|
||||||
var sig = Sign(key, cookie);
|
|
||||||
return $"{cookie}|{sig}";
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string ParseVals(string key, string val, string prefix, string ikey, DateTime currentTime)
|
|
||||||
{
|
|
||||||
var ts = (long)(currentTime - _epoc).TotalSeconds;
|
|
||||||
|
|
||||||
var parts = val.Split('|');
|
|
||||||
if (parts.Length != 3)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var uPrefix = parts[0];
|
|
||||||
var uB64 = parts[1];
|
|
||||||
var uSig = parts[2];
|
|
||||||
|
|
||||||
var sig = Sign(key, $"{uPrefix}|{uB64}");
|
|
||||||
if (Sign(key, sig) != Sign(key, uSig))
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (uPrefix != prefix)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var cookie = Decode64(uB64);
|
|
||||||
var cookieParts = cookie.Split('|');
|
|
||||||
if (cookieParts.Length != 3)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var username = cookieParts[0];
|
|
||||||
var uIKey = cookieParts[1];
|
|
||||||
var expire = cookieParts[2];
|
|
||||||
|
|
||||||
if (uIKey != ikey)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var expireTs = Convert.ToInt32(expire);
|
|
||||||
if (ts >= expireTs)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return username;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string Sign(string skey, string data)
|
|
||||||
{
|
|
||||||
var keyBytes = Encoding.ASCII.GetBytes(skey);
|
|
||||||
var dataBytes = Encoding.ASCII.GetBytes(data);
|
|
||||||
|
|
||||||
using (var hmac = new HMACSHA1(keyBytes))
|
|
||||||
{
|
|
||||||
var hash = hmac.ComputeHash(dataBytes);
|
|
||||||
var hex = BitConverter.ToString(hash);
|
|
||||||
return hex.Replace("-", "").ToLower();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string Encode64(string plaintext)
|
|
||||||
{
|
|
||||||
var plaintextBytes = _encoding.GetBytes(plaintext);
|
|
||||||
return Convert.ToBase64String(plaintextBytes);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string Decode64(string encoded)
|
|
||||||
{
|
|
||||||
var plaintextBytes = Convert.FromBase64String(encoded);
|
|
||||||
return _encoding.GetString(plaintextBytes);
|
|
||||||
}
|
|
||||||
}
|
|
@ -523,8 +523,9 @@ public class SubscriberService(
|
|||||||
|
|
||||||
var metadata = customer.Metadata;
|
var metadata = customer.Metadata;
|
||||||
|
|
||||||
if (metadata.ContainsKey(BraintreeCustomerIdKey))
|
if (metadata.TryGetValue(BraintreeCustomerIdKey, out var value))
|
||||||
{
|
{
|
||||||
|
metadata[BraintreeCustomerIdOldKey] = value;
|
||||||
metadata[BraintreeCustomerIdKey] = null;
|
metadata[BraintreeCustomerIdKey] = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@ namespace Bit.Core.Billing;
|
|||||||
public static class Utilities
|
public static class Utilities
|
||||||
{
|
{
|
||||||
public const string BraintreeCustomerIdKey = "btCustomerId";
|
public const string BraintreeCustomerIdKey = "btCustomerId";
|
||||||
|
public const string BraintreeCustomerIdOldKey = "btCustomerId_old";
|
||||||
|
|
||||||
public static async Task<SubscriptionSuspension> GetSubscriptionSuspensionAsync(
|
public static async Task<SubscriptionSuspension> GetSubscriptionSuspensionAsync(
|
||||||
IStripeAdapter stripeAdapter,
|
IStripeAdapter stripeAdapter,
|
||||||
|
@ -155,6 +155,7 @@ public static class FeatureFlagKeys
|
|||||||
public const string SecurityTasks = "security-tasks";
|
public const string SecurityTasks = "security-tasks";
|
||||||
public const string PM14401_ScaleMSPOnClientOrganizationUpdate = "PM-14401-scale-msp-on-client-organization-update";
|
public const string PM14401_ScaleMSPOnClientOrganizationUpdate = "PM-14401-scale-msp-on-client-organization-update";
|
||||||
public const string PM11360RemoveProviderExportPermission = "pm-11360-remove-provider-export-permission";
|
public const string PM11360RemoveProviderExportPermission = "pm-11360-remove-provider-export-permission";
|
||||||
|
public const string DisableFreeFamiliesSponsorship = "PM-12274-disable-free-families-sponsorship";
|
||||||
|
|
||||||
public static List<string> GetAllKeys()
|
public static List<string> GetAllKeys()
|
||||||
{
|
{
|
||||||
|
@ -0,0 +1,22 @@
|
|||||||
|
{{#>FullHtmlLayout}}
|
||||||
|
<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; box-sizing: border-box; line-height: 25px; -webkit-text-size-adjust: none;">
|
||||||
|
<tr style="margin: 0; box-sizing: border-box; line-height: 25px; -webkit-text-size-adjust: none;">
|
||||||
|
<td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
|
||||||
|
{{SponsoringOrgName}} has removed the Free Bitwarden Families plan sponsorship.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr style="margin: 0; box-sizing: border-box; line-height: 25px; -webkit-text-size-adjust: none;">
|
||||||
|
<td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
|
||||||
|
<strong>Here’s what that means:</strong></br>
|
||||||
|
Your Free Bitwarden Families sponsorship will charge your stored payment method on {{OfferAcceptanceDate}}. To avoid any disruption in your service, please ensure your payment method on the <a target="_blank" clicktracking=off href="{{SubscriptionUrl}}" style="-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; box-sizing: border-box; color: #175DDC; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 25px; margin: 0; text-decoration: underline;">Subscription page</a> is up to date.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr style="margin: 0; box-sizing: border-box; line-height: 25px; -webkit-text-size-adjust: none;">
|
||||||
|
<td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
|
||||||
|
Contact your organization administrators for more information.
|
||||||
|
<br style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
|
||||||
|
<br style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
{{/FullHtmlLayout}}
|
@ -0,0 +1,6 @@
|
|||||||
|
{{#>BasicTextLayout}}
|
||||||
|
{{SponsoringOrgName}} has removed the Free Bitwarden Families plan sponsorship.
|
||||||
|
Here’s what that means:
|
||||||
|
Your Free Bitwarden Families sponsorship will charge your stored payment method on {{OfferAcceptanceDate}}. To avoid any disruption in your service, please ensure your payment method on the Subscription page is up to date. Or click the following link: {{{SubscriptionUrl}}}
|
||||||
|
Contact your organization administrators for more information.
|
||||||
|
{{/BasicTextLayout}}
|
@ -0,0 +1,9 @@
|
|||||||
|
namespace Bit.Core.Models.Api.Response.OrganizationSponsorships;
|
||||||
|
|
||||||
|
public record PreValidateSponsorshipResponseModel(
|
||||||
|
bool IsTokenValid,
|
||||||
|
bool IsFreeFamilyPolicyEnabled)
|
||||||
|
{
|
||||||
|
public static PreValidateSponsorshipResponseModel From(bool validToken, bool policyStatus)
|
||||||
|
=> new(validToken, policyStatus);
|
||||||
|
}
|
@ -0,0 +1,10 @@
|
|||||||
|
namespace Bit.Core.Models.Mail.FamiliesForEnterprise;
|
||||||
|
|
||||||
|
public class FamiliesForEnterpriseRemoveOfferViewModel : BaseMailModel
|
||||||
|
{
|
||||||
|
public string SponsoringOrgName { get; set; }
|
||||||
|
public string SponsoredOrganizationId { get; set; }
|
||||||
|
public string OfferAcceptanceDate { get; set; }
|
||||||
|
public string SubscriptionUrl =>
|
||||||
|
$"{WebVaultUrl}/organizations/{SponsoredOrganizationId}/billing/subscription";
|
||||||
|
}
|
@ -89,5 +89,7 @@ public interface IMailService
|
|||||||
Task SendInitiateDeletProviderEmailAsync(string email, Provider provider, string token);
|
Task SendInitiateDeletProviderEmailAsync(string email, Provider provider, string token);
|
||||||
Task SendInitiateDeleteOrganzationEmailAsync(string email, Organization organization, string token);
|
Task SendInitiateDeleteOrganzationEmailAsync(string email, Organization organization, string token);
|
||||||
Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> adminEmails, string organizationName, string userRequestingAccess, string emailContent);
|
Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> adminEmails, string organizationName, string userRequestingAccess, string emailContent);
|
||||||
|
Task SendFamiliesForEnterpriseRemoveSponsorshipsEmailAsync(string email, string offerAcceptanceDate, string organizationId,
|
||||||
|
string organizationName);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1095,6 +1095,22 @@ public class HandlebarsMailService : IMailService
|
|||||||
await _mailDeliveryService.SendEmailAsync(message);
|
await _mailDeliveryService.SendEmailAsync(message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task SendFamiliesForEnterpriseRemoveSponsorshipsEmailAsync(string email, string offerAcceptanceDate, string organizationId,
|
||||||
|
string organizationName)
|
||||||
|
{
|
||||||
|
var message = CreateDefaultMessage("Removal of Free Bitwarden Families plan", email);
|
||||||
|
var model = new FamiliesForEnterpriseRemoveOfferViewModel
|
||||||
|
{
|
||||||
|
SponsoredOrganizationId = organizationId,
|
||||||
|
SponsoringOrgName = CoreHelpers.SanitizeForEmail(organizationName),
|
||||||
|
OfferAcceptanceDate = offerAcceptanceDate,
|
||||||
|
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash
|
||||||
|
};
|
||||||
|
await AddMessageContentAsync(message, "FamiliesForEnterprise.FamiliesForEnterpriseRemovedFromFamilyUser", model);
|
||||||
|
message.Category = "FamiliesForEnterpriseRemovedFromFamilyUser";
|
||||||
|
await _mailDeliveryService.SendEmailAsync(message);
|
||||||
|
}
|
||||||
|
|
||||||
private static string GetUserIdentifier(string email, string userName)
|
private static string GetUserIdentifier(string email, string userName)
|
||||||
{
|
{
|
||||||
return string.IsNullOrEmpty(userName) ? email : CoreHelpers.SanitizeForEmail(userName, false);
|
return string.IsNullOrEmpty(userName) ? email : CoreHelpers.SanitizeForEmail(userName, false);
|
||||||
|
@ -1360,9 +1360,9 @@ public class StripePaymentService : IPaymentService
|
|||||||
{
|
{
|
||||||
if (braintreeCustomer?.Id != stripeCustomerMetadata["btCustomerId"])
|
if (braintreeCustomer?.Id != stripeCustomerMetadata["btCustomerId"])
|
||||||
{
|
{
|
||||||
var nowSec = Utilities.CoreHelpers.ToEpocSeconds(DateTime.UtcNow);
|
stripeCustomerMetadata["btCustomerId_old"] = stripeCustomerMetadata["btCustomerId"];
|
||||||
stripeCustomerMetadata.Add($"btCustomerId_{nowSec}", stripeCustomerMetadata["btCustomerId"]);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
stripeCustomerMetadata["btCustomerId"] = braintreeCustomer?.Id;
|
stripeCustomerMetadata["btCustomerId"] = braintreeCustomer?.Id;
|
||||||
}
|
}
|
||||||
else if (!string.IsNullOrWhiteSpace(braintreeCustomer?.Id))
|
else if (!string.IsNullOrWhiteSpace(braintreeCustomer?.Id))
|
||||||
|
@ -296,5 +296,12 @@ public class NoopMailService : IMailService
|
|||||||
return Task.FromResult(0);
|
return Task.FromResult(0);
|
||||||
}
|
}
|
||||||
public Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> adminEmails, string organizationName, string userRequestingAccess, string emailContent) => throw new NotImplementedException();
|
public Task SendRequestSMAccessToAdminEmailAsync(IEnumerable<string> adminEmails, string organizationName, string userRequestingAccess, string emailContent) => throw new NotImplementedException();
|
||||||
|
|
||||||
|
public Task SendFamiliesForEnterpriseRemoveSponsorshipsEmailAsync(string email, string offerAcceptanceDate,
|
||||||
|
string organizationId,
|
||||||
|
string organizationName)
|
||||||
|
{
|
||||||
|
return Task.FromResult(0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,9 +1,7 @@
|
|||||||
|
using System.Text.Json;
|
||||||
using System.Text.Json;
|
|
||||||
using Bit.Core;
|
|
||||||
using Bit.Core.AdminConsole.Entities;
|
using Bit.Core.AdminConsole.Entities;
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.Identity;
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Auth.Models;
|
using Bit.Core.Auth.Models;
|
||||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
@ -52,8 +50,7 @@ public interface ITwoFactorAuthenticationValidator
|
|||||||
public class TwoFactorAuthenticationValidator(
|
public class TwoFactorAuthenticationValidator(
|
||||||
IUserService userService,
|
IUserService userService,
|
||||||
UserManager<User> userManager,
|
UserManager<User> userManager,
|
||||||
IOrganizationDuoWebTokenProvider organizationDuoWebTokenProvider,
|
IOrganizationDuoUniversalTokenProvider organizationDuoWebTokenProvider,
|
||||||
ITemporaryDuoWebV4SDKService duoWebV4SDKService,
|
|
||||||
IFeatureService featureService,
|
IFeatureService featureService,
|
||||||
IApplicationCacheService applicationCacheService,
|
IApplicationCacheService applicationCacheService,
|
||||||
IOrganizationUserRepository organizationUserRepository,
|
IOrganizationUserRepository organizationUserRepository,
|
||||||
@ -63,8 +60,7 @@ public class TwoFactorAuthenticationValidator(
|
|||||||
{
|
{
|
||||||
private readonly IUserService _userService = userService;
|
private readonly IUserService _userService = userService;
|
||||||
private readonly UserManager<User> _userManager = userManager;
|
private readonly UserManager<User> _userManager = userManager;
|
||||||
private readonly IOrganizationDuoWebTokenProvider _organizationDuoWebTokenProvider = organizationDuoWebTokenProvider;
|
private readonly IOrganizationDuoUniversalTokenProvider _organizationDuoUniversalTokenProvider = organizationDuoWebTokenProvider;
|
||||||
private readonly ITemporaryDuoWebV4SDKService _duoWebV4SDKService = duoWebV4SDKService;
|
|
||||||
private readonly IFeatureService _featureService = featureService;
|
private readonly IFeatureService _featureService = featureService;
|
||||||
private readonly IApplicationCacheService _applicationCacheService = applicationCacheService;
|
private readonly IApplicationCacheService _applicationCacheService = applicationCacheService;
|
||||||
private readonly IOrganizationUserRepository _organizationUserRepository = organizationUserRepository;
|
private readonly IOrganizationUserRepository _organizationUserRepository = organizationUserRepository;
|
||||||
@ -153,17 +149,7 @@ public class TwoFactorAuthenticationValidator(
|
|||||||
{
|
{
|
||||||
if (organization.TwoFactorProviderIsEnabled(type))
|
if (organization.TwoFactorProviderIsEnabled(type))
|
||||||
{
|
{
|
||||||
// DUO SDK v4 Update: try to validate the token - PM-5156 addresses tech debt
|
return await _organizationDuoUniversalTokenProvider.ValidateAsync(token, organization, user);
|
||||||
if (_featureService.IsEnabled(FeatureFlagKeys.DuoRedirect))
|
|
||||||
{
|
|
||||||
if (!token.Contains(':'))
|
|
||||||
{
|
|
||||||
// We have to send the provider to the DuoWebV4SDKService to create the DuoClient
|
|
||||||
var provider = organization.GetTwoFactorProvider(TwoFactorProviderType.OrganizationDuo);
|
|
||||||
return await _duoWebV4SDKService.ValidateAsync(token, provider, user);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return await _organizationDuoWebTokenProvider.ValidateAsync(token, organization, user);
|
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -181,19 +167,6 @@ public class TwoFactorAuthenticationValidator(
|
|||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// DUO SDK v4 Update: try to validate the token - PM-5156 addresses tech debt
|
|
||||||
if (_featureService.IsEnabled(FeatureFlagKeys.DuoRedirect))
|
|
||||||
{
|
|
||||||
if (type == TwoFactorProviderType.Duo)
|
|
||||||
{
|
|
||||||
if (!token.Contains(':'))
|
|
||||||
{
|
|
||||||
// We have to send the provider to the DuoWebV4SDKService to create the DuoClient
|
|
||||||
var provider = user.GetTwoFactorProvider(TwoFactorProviderType.Duo);
|
|
||||||
return await _duoWebV4SDKService.ValidateAsync(token, provider, user);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return await _userManager.VerifyTwoFactorTokenAsync(user,
|
return await _userManager.VerifyTwoFactorTokenAsync(user,
|
||||||
CoreHelpers.CustomProviderName(type), token);
|
CoreHelpers.CustomProviderName(type), token);
|
||||||
default:
|
default:
|
||||||
@ -248,10 +221,11 @@ public class TwoFactorAuthenticationValidator(
|
|||||||
in the future the `AuthUrl` will be the generated "token" - PM-8107
|
in the future the `AuthUrl` will be the generated "token" - PM-8107
|
||||||
*/
|
*/
|
||||||
if (type == TwoFactorProviderType.OrganizationDuo &&
|
if (type == TwoFactorProviderType.OrganizationDuo &&
|
||||||
await _organizationDuoWebTokenProvider.CanGenerateTwoFactorTokenAsync(organization))
|
await _organizationDuoUniversalTokenProvider.CanGenerateTwoFactorTokenAsync(organization))
|
||||||
{
|
{
|
||||||
twoFactorParams.Add("Host", provider.MetaData["Host"]);
|
twoFactorParams.Add("Host", provider.MetaData["Host"]);
|
||||||
twoFactorParams.Add("AuthUrl", await _duoWebV4SDKService.GenerateAsync(provider, user));
|
twoFactorParams.Add("AuthUrl",
|
||||||
|
await _organizationDuoUniversalTokenProvider.GenerateAsync(organization, user));
|
||||||
|
|
||||||
return twoFactorParams;
|
return twoFactorParams;
|
||||||
}
|
}
|
||||||
@ -261,13 +235,9 @@ public class TwoFactorAuthenticationValidator(
|
|||||||
CoreHelpers.CustomProviderName(type));
|
CoreHelpers.CustomProviderName(type));
|
||||||
switch (type)
|
switch (type)
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
Note: Duo is in the midst of being updated to use the UserManager built-in TwoFactor class
|
|
||||||
in the future the `AuthUrl` will be the generated "token" - PM-8107
|
|
||||||
*/
|
|
||||||
case TwoFactorProviderType.Duo:
|
case TwoFactorProviderType.Duo:
|
||||||
twoFactorParams.Add("Host", provider.MetaData["Host"]);
|
twoFactorParams.Add("Host", provider.MetaData["Host"]);
|
||||||
twoFactorParams.Add("AuthUrl", await _duoWebV4SDKService.GenerateAsync(provider, user));
|
twoFactorParams.Add("AuthUrl", token);
|
||||||
break;
|
break;
|
||||||
case TwoFactorProviderType.WebAuthn:
|
case TwoFactorProviderType.WebAuthn:
|
||||||
if (token != null)
|
if (token != null)
|
||||||
|
@ -10,6 +10,7 @@ using Bit.Core.AdminConsole.Services.Implementations;
|
|||||||
using Bit.Core.AdminConsole.Services.NoopImplementations;
|
using Bit.Core.AdminConsole.Services.NoopImplementations;
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.Identity;
|
using Bit.Core.Auth.Identity;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Auth.IdentityServer;
|
using Bit.Core.Auth.IdentityServer;
|
||||||
using Bit.Core.Auth.LoginFeatures;
|
using Bit.Core.Auth.LoginFeatures;
|
||||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
@ -113,6 +114,7 @@ public static class ServiceCollectionExtensions
|
|||||||
services.AddSingleton<IDeviceService, DeviceService>();
|
services.AddSingleton<IDeviceService, DeviceService>();
|
||||||
services.AddScoped<ISsoConfigService, SsoConfigService>();
|
services.AddScoped<ISsoConfigService, SsoConfigService>();
|
||||||
services.AddScoped<IAuthRequestService, AuthRequestService>();
|
services.AddScoped<IAuthRequestService, AuthRequestService>();
|
||||||
|
services.AddScoped<IDuoUniversalTokenService, DuoUniversalTokenService>();
|
||||||
services.AddScoped<ISendService, SendService>();
|
services.AddScoped<ISendService, SendService>();
|
||||||
services.AddLoginServices();
|
services.AddLoginServices();
|
||||||
services.AddScoped<IOrganizationDomainService, OrganizationDomainService>();
|
services.AddScoped<IOrganizationDomainService, OrganizationDomainService>();
|
||||||
@ -388,8 +390,7 @@ public static class ServiceCollectionExtensions
|
|||||||
public static IdentityBuilder AddCustomIdentityServices(
|
public static IdentityBuilder AddCustomIdentityServices(
|
||||||
this IServiceCollection services, GlobalSettings globalSettings)
|
this IServiceCollection services, GlobalSettings globalSettings)
|
||||||
{
|
{
|
||||||
services.AddScoped<IOrganizationDuoWebTokenProvider, OrganizationDuoWebTokenProvider>();
|
services.AddScoped<IOrganizationDuoUniversalTokenProvider, OrganizationDuoUniversalTokenProvider>();
|
||||||
services.AddScoped<ITemporaryDuoWebV4SDKService, TemporaryDuoWebV4SDKService>();
|
|
||||||
services.Configure<PasswordHasherOptions>(options => options.IterationCount = 100000);
|
services.Configure<PasswordHasherOptions>(options => options.IterationCount = 100000);
|
||||||
services.Configure<TwoFactorRememberTokenProviderOptions>(options =>
|
services.Configure<TwoFactorRememberTokenProviderOptions>(options =>
|
||||||
{
|
{
|
||||||
@ -430,7 +431,7 @@ public static class ServiceCollectionExtensions
|
|||||||
CoreHelpers.CustomProviderName(TwoFactorProviderType.Email))
|
CoreHelpers.CustomProviderName(TwoFactorProviderType.Email))
|
||||||
.AddTokenProvider<YubicoOtpTokenProvider>(
|
.AddTokenProvider<YubicoOtpTokenProvider>(
|
||||||
CoreHelpers.CustomProviderName(TwoFactorProviderType.YubiKey))
|
CoreHelpers.CustomProviderName(TwoFactorProviderType.YubiKey))
|
||||||
.AddTokenProvider<DuoWebTokenProvider>(
|
.AddTokenProvider<DuoUniversalTokenProvider>(
|
||||||
CoreHelpers.CustomProviderName(TwoFactorProviderType.Duo))
|
CoreHelpers.CustomProviderName(TwoFactorProviderType.Duo))
|
||||||
.AddTokenProvider<TwoFactorRememberTokenProvider>(
|
.AddTokenProvider<TwoFactorRememberTokenProvider>(
|
||||||
CoreHelpers.CustomProviderName(TwoFactorProviderType.Remember))
|
CoreHelpers.CustomProviderName(TwoFactorProviderType.Remember))
|
||||||
|
295
test/Api.Test/Auth/Controllers/TwoFactorControllerTests.cs
Normal file
295
test/Api.Test/Auth/Controllers/TwoFactorControllerTests.cs
Normal file
@ -0,0 +1,295 @@
|
|||||||
|
using Bit.Api.Auth.Controllers;
|
||||||
|
using Bit.Api.Auth.Models.Request;
|
||||||
|
using Bit.Api.Auth.Models.Request.Accounts;
|
||||||
|
using Bit.Api.Auth.Models.Response.TwoFactor;
|
||||||
|
using Bit.Core.AdminConsole.Entities;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Exceptions;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Api.Test.Auth.Controllers;
|
||||||
|
|
||||||
|
[ControllerCustomize(typeof(TwoFactorController))]
|
||||||
|
[SutProviderCustomize]
|
||||||
|
public class TwoFactorControllerTests
|
||||||
|
{
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task CheckAsync_UserNull_ThrowsUnauthorizedException(SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.GetUserByPrincipalAsync(default)
|
||||||
|
.ReturnsForAnyArgs(null as User);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = () => sutProvider.Sut.GetDuo(request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
await Assert.ThrowsAsync<UnauthorizedAccessException>(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task CheckAsync_BadSecret_ThrowsBadRequestException(User user, SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.GetUserByPrincipalAsync(default)
|
||||||
|
.ReturnsForAnyArgs(user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.VerifySecretAsync(default, default)
|
||||||
|
.ReturnsForAnyArgs(false);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
try
|
||||||
|
{
|
||||||
|
await sutProvider.Sut.GetDuo(request);
|
||||||
|
}
|
||||||
|
catch (BadRequestException e)
|
||||||
|
{
|
||||||
|
// Assert
|
||||||
|
Assert.Equal("The model state is invalid.", e.Message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task CheckAsync_CannotAccessPremium_ThrowsBadRequestException(User user, SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.GetUserByPrincipalAsync(default)
|
||||||
|
.ReturnsForAnyArgs(user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.VerifySecretAsync(default, default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.CanAccessPremium(default)
|
||||||
|
.ReturnsForAnyArgs(false);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
try
|
||||||
|
{
|
||||||
|
await sutProvider.Sut.GetDuo(request);
|
||||||
|
}
|
||||||
|
catch (BadRequestException e)
|
||||||
|
{
|
||||||
|
// Assert
|
||||||
|
Assert.Equal("Premium status is required.", e.Message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task GetDuo_Success(User user, SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
user.TwoFactorProviders = GetUserTwoFactorDuoProvidersJson();
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.GetDuo(request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.NotNull(result);
|
||||||
|
Assert.IsType<TwoFactorDuoResponseModel>(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task PutDuo_InvalidConfiguration_ThrowsBadRequestException(User user, UpdateTwoFactorDuoRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.ValidateDuoConfiguration(default, default, default)
|
||||||
|
.Returns(false);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
try
|
||||||
|
{
|
||||||
|
await sutProvider.Sut.PutDuo(request);
|
||||||
|
}
|
||||||
|
catch (BadRequestException e)
|
||||||
|
{
|
||||||
|
// Assert
|
||||||
|
Assert.Equal("Duo configuration settings are not valid. Please re-check the Duo Admin panel.", e.Message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task PutDuo_Success(User user, UpdateTwoFactorDuoRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
user.TwoFactorProviders = GetUserTwoFactorDuoProvidersJson();
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.ValidateDuoConfiguration(default, default, default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.PutDuo(request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.NotNull(result);
|
||||||
|
Assert.IsType<TwoFactorDuoResponseModel>(result);
|
||||||
|
Assert.Equal(user.TwoFactorProviders, request.ToUser(user).TwoFactorProviders);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task CheckOrganizationAsync_ManagePolicies_ThrowsNotFoundException(
|
||||||
|
User user, Organization organization, SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.TwoFactorProviders = GetOrganizationTwoFactorDuoProvidersJson();
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.ManagePolicies(default)
|
||||||
|
.ReturnsForAnyArgs(false);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = () => sutProvider.Sut.GetOrganizationDuo(organization.Id.ToString(), request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
await Assert.ThrowsAsync<NotFoundException>(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task CheckOrganizationAsync_GetByIdAsync_ThrowsNotFoundException(
|
||||||
|
User user, Organization organization, SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.TwoFactorProviders = GetOrganizationTwoFactorDuoProvidersJson();
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.ManagePolicies(default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IOrganizationRepository>()
|
||||||
|
.GetByIdAsync(default)
|
||||||
|
.ReturnsForAnyArgs(null as Organization);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = () => sutProvider.Sut.GetOrganizationDuo(organization.Id.ToString(), request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
await Assert.ThrowsAsync<NotFoundException>(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task GetOrganizationDuo_Success(
|
||||||
|
User user, Organization organization, SecretVerificationRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.TwoFactorProviders = GetOrganizationTwoFactorDuoProvidersJson();
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
SetupCheckOrganizationAsyncToPass(sutProvider, organization);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.GetOrganizationDuo(organization.Id.ToString(), request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.NotNull(result);
|
||||||
|
Assert.IsType<TwoFactorDuoResponseModel>(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task PutOrganizationDuo_InvalidConfiguration_ThrowsBadRequestException(
|
||||||
|
User user, Organization organization, UpdateTwoFactorDuoRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
SetupCheckOrganizationAsyncToPass(sutProvider, organization);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.ValidateDuoConfiguration(default, default, default)
|
||||||
|
.ReturnsForAnyArgs(false);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
try
|
||||||
|
{
|
||||||
|
await sutProvider.Sut.PutOrganizationDuo(organization.Id.ToString(), request);
|
||||||
|
}
|
||||||
|
catch (BadRequestException e)
|
||||||
|
{
|
||||||
|
// Assert
|
||||||
|
Assert.Equal("Duo configuration settings are not valid. Please re-check the Duo Admin panel.", e.Message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task PutOrganizationDuo_Success(
|
||||||
|
User user, Organization organization, UpdateTwoFactorDuoRequestModel request, SutProvider<TwoFactorController> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetupCheckAsyncToPass(sutProvider, user);
|
||||||
|
SetupCheckOrganizationAsyncToPass(sutProvider, organization);
|
||||||
|
organization.TwoFactorProviders = GetUserTwoFactorDuoProvidersJson();
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.ValidateDuoConfiguration(default, default, default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result =
|
||||||
|
await sutProvider.Sut.PutOrganizationDuo(organization.Id.ToString(), request);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.NotNull(result);
|
||||||
|
Assert.IsType<TwoFactorDuoResponseModel>(result);
|
||||||
|
Assert.Equal(organization.TwoFactorProviders, request.ToOrganization(organization).TwoFactorProviders);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private string GetUserTwoFactorDuoProvidersJson()
|
||||||
|
{
|
||||||
|
return
|
||||||
|
"{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
|
}
|
||||||
|
|
||||||
|
private string GetOrganizationTwoFactorDuoProvidersJson()
|
||||||
|
{
|
||||||
|
return
|
||||||
|
"{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Sets up the CheckAsync method to pass.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="sutProvider">uses bit auto data</param>
|
||||||
|
/// <param name="user">uses bit auto data</param>
|
||||||
|
private void SetupCheckAsyncToPass(SutProvider<TwoFactorController> sutProvider, User user)
|
||||||
|
{
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.GetUserByPrincipalAsync(default)
|
||||||
|
.ReturnsForAnyArgs(user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.VerifySecretAsync(default, default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IUserService>()
|
||||||
|
.CanAccessPremium(default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void SetupCheckOrganizationAsyncToPass(SutProvider<TwoFactorController> sutProvider, Organization organization)
|
||||||
|
{
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.ManagePolicies(default)
|
||||||
|
.ReturnsForAnyArgs(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IOrganizationRepository>()
|
||||||
|
.GetByIdAsync(default)
|
||||||
|
.ReturnsForAnyArgs(organization);
|
||||||
|
}
|
||||||
|
}
|
@ -18,8 +18,6 @@ public class OrganizationTwoFactorDuoRequestModelTests
|
|||||||
{
|
{
|
||||||
ClientId = "clientId",
|
ClientId = "clientId",
|
||||||
ClientSecret = "clientSecret",
|
ClientSecret = "clientSecret",
|
||||||
IntegrationKey = "integrationKey",
|
|
||||||
SecretKey = "secretKey",
|
|
||||||
Host = "example.com"
|
Host = "example.com"
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -30,8 +28,6 @@ public class OrganizationTwoFactorDuoRequestModelTests
|
|||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.OrganizationDuo));
|
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.OrganizationDuo));
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientId"]);
|
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientId"]);
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientSecret"]);
|
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientSecret"]);
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["Host"]);
|
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["Host"]);
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].Enabled);
|
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].Enabled);
|
||||||
}
|
}
|
||||||
@ -49,8 +45,6 @@ public class OrganizationTwoFactorDuoRequestModelTests
|
|||||||
{
|
{
|
||||||
ClientId = "newClientId",
|
ClientId = "newClientId",
|
||||||
ClientSecret = "newClientSecret",
|
ClientSecret = "newClientSecret",
|
||||||
IntegrationKey = "newIntegrationKey",
|
|
||||||
SecretKey = "newSecretKey",
|
|
||||||
Host = "newExample.com"
|
Host = "newExample.com"
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -61,61 +55,7 @@ public class OrganizationTwoFactorDuoRequestModelTests
|
|||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.OrganizationDuo));
|
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.OrganizationDuo));
|
||||||
Assert.Equal("newClientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientId"]);
|
Assert.Equal("newClientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientId"]);
|
||||||
Assert.Equal("newClientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientSecret"]);
|
Assert.Equal("newClientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientSecret"]);
|
||||||
Assert.Equal("newClientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("newClientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("newExample.com", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["Host"]);
|
Assert.Equal("newExample.com", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["Host"]);
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].Enabled);
|
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].Enabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
|
||||||
public void DuoV2ParamsSync_WhenExistingProviderDoesNotExist()
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
var existingOrg = new Organization();
|
|
||||||
var model = new UpdateTwoFactorDuoRequestModel
|
|
||||||
{
|
|
||||||
IntegrationKey = "integrationKey",
|
|
||||||
SecretKey = "secretKey",
|
|
||||||
Host = "example.com"
|
|
||||||
};
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var result = model.ToOrganization(existingOrg);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
// IKey and SKey should be the same as ClientId and ClientSecret
|
|
||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.OrganizationDuo));
|
|
||||||
Assert.Equal("integrationKey", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientId"]);
|
|
||||||
Assert.Equal("secretKey", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientSecret"]);
|
|
||||||
Assert.Equal("integrationKey", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("secretKey", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["Host"]);
|
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].Enabled);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Fact]
|
|
||||||
public void DuoV4ParamsSync_WhenExistingProviderDoesNotExist()
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
var existingOrg = new Organization();
|
|
||||||
var model = new UpdateTwoFactorDuoRequestModel
|
|
||||||
{
|
|
||||||
ClientId = "clientId",
|
|
||||||
ClientSecret = "clientSecret",
|
|
||||||
Host = "example.com"
|
|
||||||
};
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var result = model.ToOrganization(existingOrg);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
// IKey and SKey should be the same as ClientId and ClientSecret
|
|
||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.OrganizationDuo));
|
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientId"]);
|
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["ClientSecret"]);
|
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].MetaData["Host"]);
|
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.OrganizationDuo].Enabled);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -39,12 +39,9 @@ public class TwoFactorDuoRequestModelValidationTests
|
|||||||
var result = model.Validate(new ValidationContext(model));
|
var result = model.Validate(new ValidationContext(model));
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Single(result);
|
Assert.NotEmpty(result);
|
||||||
Assert.Equal("Neither v2 or v4 values are valid.", result.First().ErrorMessage);
|
Assert.True(result.Select(x => x.MemberNames.Contains("ClientId")).Any());
|
||||||
Assert.Contains("ClientId", result.First().MemberNames);
|
Assert.True(result.Select(x => x.MemberNames.Contains("ClientSecret")).Any());
|
||||||
Assert.Contains("ClientSecret", result.First().MemberNames);
|
|
||||||
Assert.Contains("IntegrationKey", result.First().MemberNames);
|
|
||||||
Assert.Contains("SecretKey", result.First().MemberNames);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
@ -17,8 +17,6 @@ public class UserTwoFactorDuoRequestModelTests
|
|||||||
{
|
{
|
||||||
ClientId = "clientId",
|
ClientId = "clientId",
|
||||||
ClientSecret = "clientSecret",
|
ClientSecret = "clientSecret",
|
||||||
IntegrationKey = "integrationKey",
|
|
||||||
SecretKey = "secretKey",
|
|
||||||
Host = "example.com"
|
Host = "example.com"
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -26,12 +24,9 @@ public class UserTwoFactorDuoRequestModelTests
|
|||||||
var result = model.ToUser(existingUser);
|
var result = model.ToUser(existingUser);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
// IKey and SKey should be the same as ClientId and ClientSecret
|
|
||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.Duo));
|
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.Duo));
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientId"]);
|
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientId"]);
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientSecret"]);
|
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientSecret"]);
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["Host"]);
|
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["Host"]);
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].Enabled);
|
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].Enabled);
|
||||||
}
|
}
|
||||||
@ -49,8 +44,6 @@ public class UserTwoFactorDuoRequestModelTests
|
|||||||
{
|
{
|
||||||
ClientId = "newClientId",
|
ClientId = "newClientId",
|
||||||
ClientSecret = "newClientSecret",
|
ClientSecret = "newClientSecret",
|
||||||
IntegrationKey = "newIntegrationKey",
|
|
||||||
SecretKey = "newSecretKey",
|
|
||||||
Host = "newExample.com"
|
Host = "newExample.com"
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -58,65 +51,10 @@ public class UserTwoFactorDuoRequestModelTests
|
|||||||
var result = model.ToUser(existingUser);
|
var result = model.ToUser(existingUser);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
// IKey and SKey should be the same as ClientId and ClientSecret
|
|
||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.Duo));
|
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.Duo));
|
||||||
Assert.Equal("newClientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientId"]);
|
Assert.Equal("newClientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientId"]);
|
||||||
Assert.Equal("newClientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientSecret"]);
|
Assert.Equal("newClientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientSecret"]);
|
||||||
Assert.Equal("newClientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("newClientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("newExample.com", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["Host"]);
|
Assert.Equal("newExample.com", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["Host"]);
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].Enabled);
|
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].Enabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
|
||||||
public void DuoV2ParamsSync_WhenExistingProviderDoesNotExist()
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
var existingUser = new User();
|
|
||||||
var model = new UpdateTwoFactorDuoRequestModel
|
|
||||||
{
|
|
||||||
IntegrationKey = "integrationKey",
|
|
||||||
SecretKey = "secretKey",
|
|
||||||
Host = "example.com"
|
|
||||||
};
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var result = model.ToUser(existingUser);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
// IKey and SKey should be the same as ClientId and ClientSecret
|
|
||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.Duo));
|
|
||||||
Assert.Equal("integrationKey", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientId"]);
|
|
||||||
Assert.Equal("secretKey", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientSecret"]);
|
|
||||||
Assert.Equal("integrationKey", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("secretKey", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["Host"]);
|
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].Enabled);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Fact]
|
|
||||||
public void DuoV4ParamsSync_WhenExistingProviderDoesNotExist()
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
var existingUser = new User();
|
|
||||||
var model = new UpdateTwoFactorDuoRequestModel
|
|
||||||
{
|
|
||||||
ClientId = "clientId",
|
|
||||||
ClientSecret = "clientSecret",
|
|
||||||
Host = "example.com"
|
|
||||||
};
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var result = model.ToUser(existingUser);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
// IKey and SKey should be the same as ClientId and ClientSecret
|
|
||||||
Assert.True(result.GetTwoFactorProviders().ContainsKey(TwoFactorProviderType.Duo));
|
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientId"]);
|
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["ClientSecret"]);
|
|
||||||
Assert.Equal("clientId", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["IKey"]);
|
|
||||||
Assert.Equal("clientSecret", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["SKey"]);
|
|
||||||
Assert.Equal("example.com", result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].MetaData["Host"]);
|
|
||||||
Assert.True(result.GetTwoFactorProviders()[TwoFactorProviderType.Duo].Enabled);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -8,42 +8,6 @@ namespace Bit.Api.Test.Auth.Models.Response;
|
|||||||
|
|
||||||
public class OrganizationTwoFactorDuoResponseModelTests
|
public class OrganizationTwoFactorDuoResponseModelTests
|
||||||
{
|
{
|
||||||
[Theory]
|
|
||||||
[BitAutoData]
|
|
||||||
public void Organization_WithDuoV4_ShouldBuildModel(Organization organization)
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoV4ProvidersJson();
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var model = new TwoFactorDuoResponseModel(organization);
|
|
||||||
|
|
||||||
// Assert if v4 data Ikey and Skey are set to clientId and clientSecret
|
|
||||||
Assert.NotNull(model);
|
|
||||||
Assert.Equal("clientId", model.ClientId);
|
|
||||||
Assert.Equal("secret************", model.ClientSecret);
|
|
||||||
Assert.Equal("clientId", model.IntegrationKey);
|
|
||||||
Assert.Equal("secret************", model.SecretKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory]
|
|
||||||
[BitAutoData]
|
|
||||||
public void Organization_WithDuoV2_ShouldBuildModel(Organization organization)
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoV2ProvidersJson();
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var model = new TwoFactorDuoResponseModel(organization);
|
|
||||||
|
|
||||||
// Assert if only v2 data clientId and clientSecret are set to Ikey and Sk
|
|
||||||
Assert.NotNull(model);
|
|
||||||
Assert.Equal("IKey", model.ClientId);
|
|
||||||
Assert.Equal("SKey", model.ClientSecret);
|
|
||||||
Assert.Equal("IKey", model.IntegrationKey);
|
|
||||||
Assert.Equal("SKey", model.SecretKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[BitAutoData]
|
[BitAutoData]
|
||||||
public void Organization_WithDuo_ShouldBuildModel(Organization organization)
|
public void Organization_WithDuo_ShouldBuildModel(Organization organization)
|
||||||
@ -54,12 +18,10 @@ public class OrganizationTwoFactorDuoResponseModelTests
|
|||||||
// Act
|
// Act
|
||||||
var model = new TwoFactorDuoResponseModel(organization);
|
var model = new TwoFactorDuoResponseModel(organization);
|
||||||
|
|
||||||
/// Assert Even if both versions are present priority is given to v4 data
|
// Assert
|
||||||
Assert.NotNull(model);
|
Assert.NotNull(model);
|
||||||
Assert.Equal("clientId", model.ClientId);
|
Assert.Equal("clientId", model.ClientId);
|
||||||
Assert.Equal("secret************", model.ClientSecret);
|
Assert.Equal("secret************", model.ClientSecret);
|
||||||
Assert.Equal("clientId", model.IntegrationKey);
|
|
||||||
Assert.Equal("secret************", model.SecretKey);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
@ -72,38 +34,33 @@ public class OrganizationTwoFactorDuoResponseModelTests
|
|||||||
// Act
|
// Act
|
||||||
var model = new TwoFactorDuoResponseModel(organization);
|
var model = new TwoFactorDuoResponseModel(organization);
|
||||||
|
|
||||||
/// Assert
|
// Assert
|
||||||
Assert.False(model.Enabled);
|
Assert.False(model.Enabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[BitAutoData]
|
[BitAutoData]
|
||||||
public void Organization_WithTwoFactorProvidersNull_ShouldFail(Organization organization)
|
public void Organization_WithTwoFactorProvidersNull_ShouldThrow(Organization organization)
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
organization.TwoFactorProviders = "{\"6\" : {}}";
|
organization.TwoFactorProviders = null;
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
|
try
|
||||||
|
{
|
||||||
var model = new TwoFactorDuoResponseModel(organization);
|
var model = new TwoFactorDuoResponseModel(organization);
|
||||||
|
|
||||||
/// Assert
|
}
|
||||||
Assert.False(model.Enabled);
|
catch (Exception ex)
|
||||||
|
{
|
||||||
|
// Assert
|
||||||
|
Assert.IsType<ArgumentNullException>(ex);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private string GetTwoFactorOrganizationDuoProvidersJson()
|
private string GetTwoFactorOrganizationDuoProvidersJson()
|
||||||
{
|
|
||||||
return
|
|
||||||
"{\"6\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
|
||||||
}
|
|
||||||
|
|
||||||
private string GetTwoFactorOrganizationDuoV4ProvidersJson()
|
|
||||||
{
|
{
|
||||||
return
|
return
|
||||||
"{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
"{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
}
|
}
|
||||||
|
|
||||||
private string GetTwoFactorOrganizationDuoV2ProvidersJson()
|
|
||||||
{
|
|
||||||
return "{\"6\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"Host\":\"example.com\"}}}";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -10,38 +10,21 @@ public class UserTwoFactorDuoResponseModelTests
|
|||||||
{
|
{
|
||||||
[Theory]
|
[Theory]
|
||||||
[BitAutoData]
|
[BitAutoData]
|
||||||
public void User_WithDuoV4_ShouldBuildModel(User user)
|
public void User_WithDuo_UserNull_ThrowsArgumentException(User user)
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
user.TwoFactorProviders = GetTwoFactorDuoV4ProvidersJson();
|
user.TwoFactorProviders = GetTwoFactorDuoProvidersJson();
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var model = new TwoFactorDuoResponseModel(user);
|
try
|
||||||
|
{
|
||||||
// Assert if v4 data Ikey and Skey are set to clientId and clientSecret
|
var model = new TwoFactorDuoResponseModel(null as User);
|
||||||
Assert.NotNull(model);
|
|
||||||
Assert.Equal("clientId", model.ClientId);
|
|
||||||
Assert.Equal("secret************", model.ClientSecret);
|
|
||||||
Assert.Equal("clientId", model.IntegrationKey);
|
|
||||||
Assert.Equal("secret************", model.SecretKey);
|
|
||||||
}
|
}
|
||||||
|
catch (ArgumentNullException e)
|
||||||
[Theory]
|
|
||||||
[BitAutoData]
|
|
||||||
public void User_WithDuov2_ShouldBuildModel(User user)
|
|
||||||
{
|
{
|
||||||
// Arrange
|
// Assert
|
||||||
user.TwoFactorProviders = GetTwoFactorDuoV2ProvidersJson();
|
Assert.Equal("Value cannot be null. (Parameter 'user')", e.Message);
|
||||||
|
}
|
||||||
// Act
|
|
||||||
var model = new TwoFactorDuoResponseModel(user);
|
|
||||||
|
|
||||||
// Assert if only v2 data clientId and clientSecret are set to Ikey and Skey
|
|
||||||
Assert.NotNull(model);
|
|
||||||
Assert.Equal("IKey", model.ClientId);
|
|
||||||
Assert.Equal("SKey", model.ClientSecret);
|
|
||||||
Assert.Equal("IKey", model.IntegrationKey);
|
|
||||||
Assert.Equal("SKey", model.SecretKey);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
@ -54,12 +37,10 @@ public class UserTwoFactorDuoResponseModelTests
|
|||||||
// Act
|
// Act
|
||||||
var model = new TwoFactorDuoResponseModel(user);
|
var model = new TwoFactorDuoResponseModel(user);
|
||||||
|
|
||||||
// Assert Even if both versions are present priority is given to v4 data
|
// Assert
|
||||||
Assert.NotNull(model);
|
Assert.NotNull(model);
|
||||||
Assert.Equal("clientId", model.ClientId);
|
Assert.Equal("clientId", model.ClientId);
|
||||||
Assert.Equal("secret************", model.ClientSecret);
|
Assert.Equal("secret************", model.ClientSecret);
|
||||||
Assert.Equal("clientId", model.IntegrationKey);
|
|
||||||
Assert.Equal("secret************", model.SecretKey);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
@ -84,26 +65,23 @@ public class UserTwoFactorDuoResponseModelTests
|
|||||||
user.TwoFactorProviders = null;
|
user.TwoFactorProviders = null;
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
|
try
|
||||||
|
{
|
||||||
var model = new TwoFactorDuoResponseModel(user);
|
var model = new TwoFactorDuoResponseModel(user);
|
||||||
|
|
||||||
/// Assert
|
}
|
||||||
Assert.False(model.Enabled);
|
catch (Exception ex)
|
||||||
|
{
|
||||||
|
// Assert
|
||||||
|
Assert.IsType<ArgumentNullException>(ex);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private string GetTwoFactorDuoProvidersJson()
|
private string GetTwoFactorDuoProvidersJson()
|
||||||
{
|
|
||||||
return
|
|
||||||
"{\"2\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
|
||||||
}
|
|
||||||
|
|
||||||
private string GetTwoFactorDuoV4ProvidersJson()
|
|
||||||
{
|
{
|
||||||
return
|
return
|
||||||
"{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
"{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
}
|
}
|
||||||
|
|
||||||
private string GetTwoFactorDuoV2ProvidersJson()
|
|
||||||
{
|
|
||||||
return "{\"2\":{\"Enabled\":true,\"MetaData\":{\"SKey\":\"SKey\",\"IKey\":\"IKey\",\"Host\":\"example.com\"}}}";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -13,8 +13,8 @@ namespace Bit.Test.Common.AutoFixture.Attributes;
|
|||||||
public abstract class BitCustomizeAttribute : Attribute
|
public abstract class BitCustomizeAttribute : Attribute
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// /// Gets a customization for the method's parameters.
|
/// Gets a customization for the method's parameters.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <returns>A customization for the method's paramters.</returns>
|
/// <returns>A customization for the method's parameters.</returns>
|
||||||
public abstract ICustomization GetCustomization();
|
public abstract ICustomization GetCustomization();
|
||||||
}
|
}
|
||||||
|
@ -14,34 +14,13 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers;
|
|||||||
public class UpdateOrganizationUserGroupsCommandTests
|
public class UpdateOrganizationUserGroupsCommandTests
|
||||||
{
|
{
|
||||||
[Theory, BitAutoData]
|
[Theory, BitAutoData]
|
||||||
public async Task UpdateUserGroups_Passes(
|
public async Task UpdateUserGroups_ShouldUpdateUserGroupsAndLogUserEvent(
|
||||||
OrganizationUser organizationUser,
|
OrganizationUser organizationUser,
|
||||||
IEnumerable<Guid> groupIds,
|
IEnumerable<Guid> groupIds,
|
||||||
SutProvider<UpdateOrganizationUserGroupsCommand> sutProvider)
|
SutProvider<UpdateOrganizationUserGroupsCommand> sutProvider)
|
||||||
{
|
{
|
||||||
await sutProvider.Sut.UpdateUserGroupsAsync(organizationUser, groupIds, null);
|
await sutProvider.Sut.UpdateUserGroupsAsync(organizationUser, groupIds);
|
||||||
|
|
||||||
await sutProvider.GetDependency<IOrganizationService>().DidNotReceiveWithAnyArgs()
|
|
||||||
.ValidateOrganizationUserUpdatePermissions(default, default, default, default);
|
|
||||||
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1)
|
|
||||||
.UpdateGroupsAsync(organizationUser.Id, groupIds);
|
|
||||||
await sutProvider.GetDependency<IEventService>().Received(1)
|
|
||||||
.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_UpdatedGroups);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory, BitAutoData]
|
|
||||||
public async Task UpdateUserGroups_WithSavingUserId_Passes(
|
|
||||||
OrganizationUser organizationUser,
|
|
||||||
IEnumerable<Guid> groupIds,
|
|
||||||
Guid savingUserId,
|
|
||||||
SutProvider<UpdateOrganizationUserGroupsCommand> sutProvider)
|
|
||||||
{
|
|
||||||
organizationUser.Permissions = null;
|
|
||||||
|
|
||||||
await sutProvider.Sut.UpdateUserGroupsAsync(organizationUser, groupIds, savingUserId);
|
|
||||||
|
|
||||||
await sutProvider.GetDependency<IOrganizationService>().Received(1)
|
|
||||||
.ValidateOrganizationUserUpdatePermissions(organizationUser.OrganizationId, organizationUser.Type, null, organizationUser.GetPermissions());
|
|
||||||
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1)
|
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1)
|
||||||
.UpdateGroupsAsync(organizationUser.Id, groupIds);
|
.UpdateGroupsAsync(organizationUser.Id, groupIds);
|
||||||
await sutProvider.GetDependency<IEventService>().Received(1)
|
await sutProvider.GetDependency<IEventService>().Received(1)
|
||||||
|
@ -0,0 +1,75 @@
|
|||||||
|
using Bit.Core.AdminConsole.Entities;
|
||||||
|
using Bit.Core.AdminConsole.Enums;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyValidators;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Repositories;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyValidators;
|
||||||
|
|
||||||
|
[SutProviderCustomize]
|
||||||
|
public class FreeFamiliesForEnterprisePolicyValidatorTests
|
||||||
|
{
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task OnSaveSideEffectsAsync_DoesNotNotifyUserWhenPolicyDisabled(
|
||||||
|
Organization organization,
|
||||||
|
List<OrganizationSponsorship> organizationSponsorships,
|
||||||
|
[PolicyUpdate(PolicyType.FreeFamiliesSponsorshipPolicy)] PolicyUpdate policyUpdate,
|
||||||
|
[Policy(PolicyType.FreeFamiliesSponsorshipPolicy, true)] Policy policy,
|
||||||
|
SutProvider<FreeFamiliesForEnterprisePolicyValidator> sutProvider)
|
||||||
|
{
|
||||||
|
|
||||||
|
policy.Enabled = true;
|
||||||
|
policyUpdate.Enabled = false;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IOrganizationRepository>()
|
||||||
|
.GetByIdAsync(policyUpdate.OrganizationId)
|
||||||
|
.Returns(organization);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IOrganizationSponsorshipRepository>()
|
||||||
|
.GetManyBySponsoringOrganizationAsync(policyUpdate.OrganizationId)
|
||||||
|
.Returns(organizationSponsorships);
|
||||||
|
|
||||||
|
await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);
|
||||||
|
|
||||||
|
await sutProvider.GetDependency<IMailService>().DidNotReceive()
|
||||||
|
.SendFamiliesForEnterpriseRemoveSponsorshipsEmailAsync(organizationSponsorships[0].FriendlyName, organizationSponsorships[0].ValidUntil.ToString(),
|
||||||
|
organizationSponsorships[0].SponsoredOrganizationId.ToString(), organization.DisplayName());
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task OnSaveSideEffectsAsync_DoesNotifyUserWhenPolicyDisabled(
|
||||||
|
Organization organization,
|
||||||
|
List<OrganizationSponsorship> organizationSponsorships,
|
||||||
|
[PolicyUpdate(PolicyType.FreeFamiliesSponsorshipPolicy)] PolicyUpdate policyUpdate,
|
||||||
|
[Policy(PolicyType.FreeFamiliesSponsorshipPolicy, true)] Policy policy,
|
||||||
|
SutProvider<FreeFamiliesForEnterprisePolicyValidator> sutProvider)
|
||||||
|
{
|
||||||
|
|
||||||
|
policy.Enabled = false;
|
||||||
|
policyUpdate.Enabled = true;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IOrganizationRepository>()
|
||||||
|
.GetByIdAsync(policyUpdate.OrganizationId)
|
||||||
|
.Returns(organization);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IOrganizationSponsorshipRepository>()
|
||||||
|
.GetManyBySponsoringOrganizationAsync(policyUpdate.OrganizationId)
|
||||||
|
.Returns(organizationSponsorships);
|
||||||
|
// Act
|
||||||
|
await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
var offerAcceptanceDate = organizationSponsorships[0].ValidUntil!.Value.AddDays(-7).ToString("MM/dd/yyyy");
|
||||||
|
await sutProvider.GetDependency<IMailService>().Received(1)
|
||||||
|
.SendFamiliesForEnterpriseRemoveSponsorshipsEmailAsync(organizationSponsorships[0].FriendlyName, offerAcceptanceDate,
|
||||||
|
organizationSponsorships[0].SponsoredOrganizationId.ToString(), organization.Name);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
@ -1,5 +1,5 @@
|
|||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.Identity;
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Bit.Test.Common.AutoFixture;
|
using Bit.Test.Common.AutoFixture;
|
||||||
using Bit.Test.Common.AutoFixture.Attributes;
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
@ -19,7 +19,6 @@ public abstract class BaseTokenProviderTests<T>
|
|||||||
{
|
{
|
||||||
public abstract TwoFactorProviderType TwoFactorProviderType { get; }
|
public abstract TwoFactorProviderType TwoFactorProviderType { get; }
|
||||||
|
|
||||||
#region Helpers
|
|
||||||
protected static IEnumerable<object[]> SetupCanGenerateData(params (Dictionary<string, object> MetaData, bool ExpectedResponse)[] data)
|
protected static IEnumerable<object[]> SetupCanGenerateData(params (Dictionary<string, object> MetaData, bool ExpectedResponse)[] data)
|
||||||
{
|
{
|
||||||
return data.Select(d =>
|
return data.Select(d =>
|
||||||
@ -48,6 +47,9 @@ public abstract class BaseTokenProviderTests<T>
|
|||||||
userService
|
userService
|
||||||
.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType, user)
|
.TwoFactorProviderIsEnabledAsync(TwoFactorProviderType, user)
|
||||||
.Returns(true);
|
.Returns(true);
|
||||||
|
userService
|
||||||
|
.CanAccessPremium(user)
|
||||||
|
.Returns(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static UserManager<User> SubstituteUserManager()
|
protected static UserManager<User> SubstituteUserManager()
|
||||||
@ -76,7 +78,6 @@ public abstract class BaseTokenProviderTests<T>
|
|||||||
|
|
||||||
user.TwoFactorProviders = JsonHelpers.LegacySerialize(providers);
|
user.TwoFactorProviders = JsonHelpers.LegacySerialize(providers);
|
||||||
}
|
}
|
||||||
#endregion
|
|
||||||
|
|
||||||
public virtual async Task RunCanGenerateTwoFactorTokenAsync(Dictionary<string, object> metaData, bool expectedResponse,
|
public virtual async Task RunCanGenerateTwoFactorTokenAsync(Dictionary<string, object> metaData, bool expectedResponse,
|
||||||
User user, SutProvider<T> sutProvider)
|
User user, SutProvider<T> sutProvider)
|
||||||
|
@ -0,0 +1,262 @@
|
|||||||
|
using Bit.Core.Auth.Enums;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
using Bit.Core.Auth.Models;
|
||||||
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Tokens;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
using Duo = DuoUniversal;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.Auth.Identity;
|
||||||
|
|
||||||
|
public class DuoUniversalTwoFactorTokenProviderTests : BaseTokenProviderTests<DuoUniversalTokenProvider>
|
||||||
|
{
|
||||||
|
private readonly IDuoUniversalTokenService _duoUniversalTokenService = Substitute.For<IDuoUniversalTokenService>();
|
||||||
|
public override TwoFactorProviderType TwoFactorProviderType => TwoFactorProviderType.Duo;
|
||||||
|
|
||||||
|
public static IEnumerable<object[]> CanGenerateTwoFactorTokenAsyncData
|
||||||
|
=> SetupCanGenerateData(
|
||||||
|
( // correct data
|
||||||
|
new Dictionary<string, object>
|
||||||
|
{
|
||||||
|
["ClientId"] = new string('c', 20),
|
||||||
|
["ClientSecret"] = new string('s', 40),
|
||||||
|
["Host"] = "https://api-abcd1234.duosecurity.com",
|
||||||
|
},
|
||||||
|
true
|
||||||
|
),
|
||||||
|
( // correct data duo federal
|
||||||
|
new Dictionary<string, object>
|
||||||
|
{
|
||||||
|
["ClientId"] = new string('c', 20),
|
||||||
|
["ClientSecret"] = new string('s', 40),
|
||||||
|
["Host"] = "https://api-abcd1234.duofederal.com",
|
||||||
|
},
|
||||||
|
true
|
||||||
|
),
|
||||||
|
( // correct data duo federal
|
||||||
|
new Dictionary<string, object>
|
||||||
|
{
|
||||||
|
["ClientId"] = new string('c', 20),
|
||||||
|
["ClientSecret"] = new string('s', 40),
|
||||||
|
["Host"] = "https://api-abcd1234.duofederal.com",
|
||||||
|
},
|
||||||
|
true
|
||||||
|
),
|
||||||
|
( // invalid host
|
||||||
|
new Dictionary<string, object>
|
||||||
|
{
|
||||||
|
["ClientId"] = new string('c', 20),
|
||||||
|
["ClientSecret"] = new string('s', 40),
|
||||||
|
["Host"] = "",
|
||||||
|
},
|
||||||
|
false
|
||||||
|
),
|
||||||
|
( // clientId missing
|
||||||
|
new Dictionary<string, object>
|
||||||
|
{
|
||||||
|
["ClientSecret"] = new string('s', 40),
|
||||||
|
["Host"] = "https://api-abcd1234.duofederal.com",
|
||||||
|
},
|
||||||
|
false
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
public static IEnumerable<object[]> NonPremiumCanGenerateTwoFactorTokenAsyncData
|
||||||
|
=> SetupCanGenerateData(
|
||||||
|
( // correct data
|
||||||
|
new Dictionary<string, object>
|
||||||
|
{
|
||||||
|
["ClientId"] = new string('c', 20),
|
||||||
|
["ClientSecret"] = new string('s', 40),
|
||||||
|
["Host"] = "https://api-abcd1234.duosecurity.com",
|
||||||
|
},
|
||||||
|
false
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
[Theory, BitMemberAutoData(nameof(CanGenerateTwoFactorTokenAsyncData))]
|
||||||
|
public override async Task RunCanGenerateTwoFactorTokenAsync(Dictionary<string, object> metaData, bool expectedResponse,
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
user.Premium = true;
|
||||||
|
user.PremiumExpirationDate = DateTime.UtcNow.AddDays(1);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(expectedResponse);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
// Assert
|
||||||
|
await base.RunCanGenerateTwoFactorTokenAsync(metaData, expectedResponse, user, sutProvider);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitMemberAutoData(nameof(NonPremiumCanGenerateTwoFactorTokenAsyncData))]
|
||||||
|
public async Task CanGenerateTwoFactorTokenAsync_UserCanNotAccessPremium_ReturnsNull(Dictionary<string, object> metaData, bool expectedResponse,
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
user.Premium = false;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(expectedResponse);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
// Assert
|
||||||
|
await base.RunCanGenerateTwoFactorTokenAsync(metaData, expectedResponse, user, sutProvider);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GenerateToken_Success_ReturnsAuthUrl(
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider, string authUrl)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperDuoUniversalTokenService(user, sutProvider);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.GenerateAuthUrl(
|
||||||
|
Arg.Any<Duo.Client>(),
|
||||||
|
Arg.Any<IDataProtectorTokenFactory<DuoUserStateTokenable>>(),
|
||||||
|
user)
|
||||||
|
.Returns(authUrl);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var token = await sutProvider.Sut.GenerateAsync("purpose", SubstituteUserManager(), user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.NotNull(token);
|
||||||
|
Assert.Equal(token, authUrl);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GenerateToken_DuoClientNull_ReturnsNull(
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
user.Premium = true;
|
||||||
|
user.TwoFactorProviders = GetTwoFactorDuoProvidersJson();
|
||||||
|
AdditionalSetup(sutProvider, user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.BuildDuoTwoFactorClientAsync(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(null as Duo.Client);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var token = await sutProvider.Sut.GenerateAsync("purpose", SubstituteUserManager(), user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(token);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GenerateToken_UserCanNotAccessPremium_ReturnsNull(
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
user.Premium = false;
|
||||||
|
user.TwoFactorProviders = GetTwoFactorDuoProvidersJson();
|
||||||
|
AdditionalSetup(sutProvider, user);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var token = await sutProvider.Sut.GenerateAsync("purpose", SubstituteUserManager(), user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(token);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task ValidateToken_ValidToken_ReturnsTrue(
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider, string token)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperDuoUniversalTokenService(user, sutProvider);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.RequestDuoValidationAsync(
|
||||||
|
Arg.Any<Duo.Client>(),
|
||||||
|
Arg.Any<IDataProtectorTokenFactory<DuoUserStateTokenable>>(),
|
||||||
|
user,
|
||||||
|
token)
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var response = await sutProvider.Sut.ValidateAsync("purpose", token, SubstituteUserManager(), user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.True(response);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task ValidateToken_DuoClientNull_ReturnsFalse(
|
||||||
|
User user, SutProvider<DuoUniversalTokenProvider> sutProvider, string token)
|
||||||
|
{
|
||||||
|
user.Premium = true;
|
||||||
|
user.TwoFactorProviders = GetTwoFactorDuoProvidersJson();
|
||||||
|
AdditionalSetup(sutProvider, user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.BuildDuoTwoFactorClientAsync(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(null as Duo.Client);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.ValidateAsync("purpose", token, SubstituteUserManager(), user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Ensures that the IDuoUniversalTokenService is properly setup for the test.
|
||||||
|
/// This ensures that the private GetDuoClientAsync, and GetDuoTwoFactorProvider
|
||||||
|
/// methods will return true enabling the test to execute on the correct path.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="user">user from calling test</param>
|
||||||
|
/// <param name="sutProvider">self</param>
|
||||||
|
private void SetUpProperDuoUniversalTokenService(User user, SutProvider<DuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
user.Premium = true;
|
||||||
|
user.TwoFactorProviders = GetTwoFactorDuoProvidersJson();
|
||||||
|
var client = BuildDuoClient();
|
||||||
|
|
||||||
|
AdditionalSetup(sutProvider, user);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.BuildDuoTwoFactorClientAsync(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(client);
|
||||||
|
}
|
||||||
|
|
||||||
|
private Duo.Client BuildDuoClient()
|
||||||
|
{
|
||||||
|
var clientId = new string('c', 20);
|
||||||
|
var clientSecret = new string('s', 40);
|
||||||
|
return new Duo.ClientBuilder(clientId, clientSecret, "api-abcd1234.duosecurity.com", "redirectUrl").Build();
|
||||||
|
}
|
||||||
|
|
||||||
|
private string GetTwoFactorDuoProvidersJson()
|
||||||
|
{
|
||||||
|
return
|
||||||
|
"{\"2\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
|
}
|
||||||
|
}
|
@ -1,5 +1,5 @@
|
|||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.Identity;
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Bit.Test.Common.AutoFixture;
|
using Bit.Test.Common.AutoFixture;
|
||||||
using Bit.Test.Common.AutoFixture.Attributes;
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
@ -0,0 +1,289 @@
|
|||||||
|
using Bit.Core.AdminConsole.Entities;
|
||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
using Bit.Core.Auth.Models;
|
||||||
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
|
using Bit.Core.Entities;
|
||||||
|
using Bit.Core.Tokens;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
using Duo = DuoUniversal;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.Auth.Identity;
|
||||||
|
|
||||||
|
[SutProviderCustomize]
|
||||||
|
public class OrganizationDuoUniversalTwoFactorTokenProviderTests
|
||||||
|
{
|
||||||
|
private readonly IDuoUniversalTokenService _duoUniversalTokenService = Substitute.For<IDuoUniversalTokenService>();
|
||||||
|
private readonly IDataProtectorTokenFactory<DuoUserStateTokenable> _tokenDataFactory = Substitute.For<IDataProtectorTokenFactory<DuoUserStateTokenable>>();
|
||||||
|
|
||||||
|
// Happy path
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task CanGenerateTwoFactorTokenAsync_ReturnsTrue(
|
||||||
|
Organization organization, SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.Enabled = true;
|
||||||
|
organization.Use2fa = true;
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(null, organization, sutProvider);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.CanGenerateTwoFactorTokenAsync(organization);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.True(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task CanGenerateTwoFactorTokenAsync_DuoTwoFactorNotEnabled_ReturnsFalse(
|
||||||
|
Organization organization, SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoProviderNotEnabledJson();
|
||||||
|
organization.Use2fa = true;
|
||||||
|
organization.Enabled = true;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(true);
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.CanGenerateTwoFactorTokenAsync(null);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task CanGenerateTwoFactorTokenAsync_BadMetaData_ProviderNull_ReturnsFalse(
|
||||||
|
Organization organization, SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoProviderJson();
|
||||||
|
organization.Use2fa = true;
|
||||||
|
organization.Enabled = true;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(false);
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.CanGenerateTwoFactorTokenAsync(null);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GetDuoTwoFactorProvider_OrganizationNull_ReturnsNull(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.CanGenerateTwoFactorTokenAsync(null);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GetDuoTwoFactorProvider_OrganizationNotEnabled_ReturnsNull(
|
||||||
|
Organization organization, SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(null, organization, sutProvider);
|
||||||
|
organization.Enabled = false;
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.CanGenerateTwoFactorTokenAsync(organization);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GetDuoTwoFactorProvider_OrganizationUse2FAFalse_ReturnsNull(
|
||||||
|
Organization organization, SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(null, organization, sutProvider);
|
||||||
|
organization.Use2fa = false;
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.CanGenerateTwoFactorTokenAsync(organization);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GetDuoClient_ProviderNull_ReturnsNull(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.GenerateAsync(null, default);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GetDuoClient_DuoClientNull_ReturnsNull(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider,
|
||||||
|
Organization organization)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoProviderJson();
|
||||||
|
organization.Use2fa = true;
|
||||||
|
organization.Enabled = true;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.BuildDuoTwoFactorClientAsync(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(null as Duo.Client);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.GenerateAsync(organization, default);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GenerateAsync_ReturnsAuthUrl(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider,
|
||||||
|
Organization organization,
|
||||||
|
User user,
|
||||||
|
string AuthUrl)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(BuildDuoClient(), organization, sutProvider);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.GenerateAuthUrl(Arg.Any<Duo.Client>(), Arg.Any<IDataProtectorTokenFactory<DuoUserStateTokenable>>(), user)
|
||||||
|
.Returns(AuthUrl);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.GenerateAsync(organization, user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.NotNull(result);
|
||||||
|
Assert.Equal(AuthUrl, result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task GenerateAsync_ClientNull_ReturnsNull(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider,
|
||||||
|
Organization organization,
|
||||||
|
User user)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(null, organization, sutProvider);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.GenerateAsync(organization, user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task ValidateAsync_TokenValid_ReturnsTrue(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider,
|
||||||
|
Organization organization,
|
||||||
|
User user,
|
||||||
|
string token)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(BuildDuoClient(), organization, sutProvider);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.RequestDuoValidationAsync(Arg.Any<Duo.Client>(), Arg.Any<IDataProtectorTokenFactory<DuoUserStateTokenable>>(), user, token)
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.ValidateAsync(token, organization, user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.True(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public async Task ValidateAsync_ClientNull_ReturnsFalse(
|
||||||
|
SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider,
|
||||||
|
Organization organization,
|
||||||
|
User user,
|
||||||
|
string token)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
SetUpProperOrganizationDuoUniversalTokenService(null, organization, sutProvider);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.RequestDuoValidationAsync(Arg.Any<Duo.Client>(), Arg.Any<IDataProtectorTokenFactory<DuoUserStateTokenable>>(), user, token)
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.ValidateAsync(token, organization, user);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Ensures that the IDuoUniversalTokenService is properly setup for the test.
|
||||||
|
/// This ensures that the private GetDuoClientAsync, and GetDuoTwoFactorProvider
|
||||||
|
/// methods will return true enabling the test to execute on the correct path.
|
||||||
|
///
|
||||||
|
/// BitAutoData cannot create the Duo.Client since it does not have a public constructor
|
||||||
|
/// so we have to use the ClientBUilder(), the client is not used meaningfully in the tests.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="user">user from calling test</param>
|
||||||
|
/// <param name="sutProvider">self</param>
|
||||||
|
private void SetUpProperOrganizationDuoUniversalTokenService(
|
||||||
|
Duo.Client client, Organization organization, SutProvider<OrganizationDuoUniversalTokenProvider> sutProvider)
|
||||||
|
{
|
||||||
|
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoProviderJson();
|
||||||
|
organization.Enabled = true;
|
||||||
|
organization.Use2fa = true;
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.HasProperDuoMetadata(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<IDuoUniversalTokenService>()
|
||||||
|
.BuildDuoTwoFactorClientAsync(Arg.Any<TwoFactorProvider>())
|
||||||
|
.Returns(client);
|
||||||
|
}
|
||||||
|
|
||||||
|
private Duo.Client BuildDuoClient()
|
||||||
|
{
|
||||||
|
var clientId = new string('c', 20);
|
||||||
|
var clientSecret = new string('s', 40);
|
||||||
|
return new Duo.ClientBuilder(clientId, clientSecret, "api-abcd1234.duosecurity.com", "redirectUrl").Build();
|
||||||
|
}
|
||||||
|
|
||||||
|
private string GetTwoFactorOrganizationDuoProviderJson()
|
||||||
|
{
|
||||||
|
return
|
||||||
|
"{\"6\":{\"Enabled\":true,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
|
}
|
||||||
|
|
||||||
|
private string GetTwoFactorOrganizationDuoProviderNotEnabledJson()
|
||||||
|
{
|
||||||
|
return
|
||||||
|
"{\"6\":{\"Enabled\":false,\"MetaData\":{\"ClientSecret\":\"secretClientSecret\",\"ClientId\":\"clientId\",\"Host\":\"example.com\"}}}";
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,91 @@
|
|||||||
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
|
using Bit.Core.Auth.Models;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.Auth.Services;
|
||||||
|
|
||||||
|
[SutProviderCustomize]
|
||||||
|
public class DuoUniversalTokenServiceTests
|
||||||
|
{
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData("", "ClientId", "ClientSecret")]
|
||||||
|
[BitAutoData("api-valid.duosecurity.com", "", "ClientSecret")]
|
||||||
|
[BitAutoData("api-valid.duosecurity.com", "ClientId", "")]
|
||||||
|
public async void ValidateDuoConfiguration_InvalidConfig_ReturnsFalse(
|
||||||
|
string host, string clientId, string clientSecret, SutProvider<DuoUniversalTokenService> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
/* AutoData handles arrangement */
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = await sutProvider.Sut.ValidateDuoConfiguration(clientSecret, clientId, host);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData(true, "api-valid.duosecurity.com")]
|
||||||
|
[BitAutoData(false, "invalid")]
|
||||||
|
[BitAutoData(false, "api-valid.duosecurity.com", null, "clientSecret")]
|
||||||
|
[BitAutoData(false, "api-valid.duosecurity.com", "ClientId", null)]
|
||||||
|
[BitAutoData(false, "api-valid.duosecurity.com", null, null)]
|
||||||
|
public void HasProperDuoMetadata_ReturnMatchesExpected(
|
||||||
|
bool expectedResponse, string host, string clientId,
|
||||||
|
string clientSecret, SutProvider<DuoUniversalTokenService> sutProvider)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var metaData = new Dictionary<string, object> { ["Host"] = host };
|
||||||
|
|
||||||
|
if (clientId != null)
|
||||||
|
{
|
||||||
|
metaData.Add("ClientId", clientId);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (clientSecret != null)
|
||||||
|
{
|
||||||
|
metaData.Add("ClientSecret", clientSecret);
|
||||||
|
}
|
||||||
|
|
||||||
|
var provider = new TwoFactorProvider
|
||||||
|
{
|
||||||
|
MetaData = metaData
|
||||||
|
};
|
||||||
|
|
||||||
|
// Act
|
||||||
|
var result = sutProvider.Sut.HasProperDuoMetadata(provider);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Equal(result, expectedResponse);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData]
|
||||||
|
public void HasProperDuoMetadata_ProviderIsNull_ReturnsFalse(
|
||||||
|
SutProvider<DuoUniversalTokenService> sutProvider)
|
||||||
|
{
|
||||||
|
// Act
|
||||||
|
var result = sutProvider.Sut.HasProperDuoMetadata(null);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.False(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[BitAutoData("api-valid.duosecurity.com", true)]
|
||||||
|
[BitAutoData("api-valid.duofederal.com", true)]
|
||||||
|
[BitAutoData("invalid", false)]
|
||||||
|
public void ValidDuoHost_HostIsValid_ReturnTrue(
|
||||||
|
string host, bool expectedResponse)
|
||||||
|
{
|
||||||
|
// Act
|
||||||
|
var result = DuoUniversalTokenService.ValidDuoHost(host);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Equal(result, expectedResponse);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
@ -28,7 +28,7 @@ namespace Bit.Identity.IntegrationTest.Endpoints;
|
|||||||
|
|
||||||
public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFactory>
|
public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFactory>
|
||||||
{
|
{
|
||||||
const string _organizationTwoFactor = """{"6":{"Enabled":true,"MetaData":{"IKey":"DIEFB13LB49IEB3459N2","SKey":"0ZnsZHav0KcNPBZTS6EOUwqLPoB0sfMd5aJeWExQ","Host":"api-example.duosecurity.com"}}}""";
|
const string _organizationTwoFactor = """{"6":{"Enabled":true,"MetaData":{"ClientId":"DIEFB13LB49IEB3459N2","ClientSecret":"0ZnsZHav0KcNPBZTS6EOUwqLPoB0sfMd5aJeWExQ","Host":"api-example.duosecurity.com"}}}""";
|
||||||
const string _testEmail = "test+2farequired@email.com";
|
const string _testEmail = "test+2farequired@email.com";
|
||||||
const string _testPassword = "master_password_hash";
|
const string _testPassword = "master_password_hash";
|
||||||
const string _userEmailTwoFactor = """{"1": { "Enabled": true, "MetaData": { "Email": "test+2farequired@email.com"}}}""";
|
const string _userEmailTwoFactor = """{"1": { "Enabled": true, "MetaData": { "Email": "test+2farequired@email.com"}}}""";
|
||||||
@ -338,6 +338,7 @@ public class IdentityServerTwoFactorTests : IClassFixture<IdentityApplicationFac
|
|||||||
{
|
{
|
||||||
MemberDecryptionType = MemberDecryptionType.MasterPassword,
|
MemberDecryptionType = MemberDecryptionType.MasterPassword,
|
||||||
};
|
};
|
||||||
|
|
||||||
await CreateSsoOrganizationAndUserAsync(
|
await CreateSsoOrganizationAndUserAsync(
|
||||||
localFactory, ssoConfigData, challenge, _testEmail, orgTwoFactor: _organizationTwoFactor);
|
localFactory, ssoConfigData, challenge, _testEmail, orgTwoFactor: _organizationTwoFactor);
|
||||||
|
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
using Bit.Core;
|
using Bit.Core.AdminConsole.Entities;
|
||||||
using Bit.Core.AdminConsole.Entities;
|
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
using Bit.Core.Auth.Identity;
|
using Bit.Core.Auth.Identity.TokenProviders;
|
||||||
using Bit.Core.Auth.Models;
|
|
||||||
using Bit.Core.Auth.Models.Business.Tokenables;
|
using Bit.Core.Auth.Models.Business.Tokenables;
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
@ -28,8 +26,7 @@ public class TwoFactorAuthenticationValidatorTests
|
|||||||
{
|
{
|
||||||
private readonly IUserService _userService;
|
private readonly IUserService _userService;
|
||||||
private readonly UserManagerTestWrapper<User> _userManager;
|
private readonly UserManagerTestWrapper<User> _userManager;
|
||||||
private readonly IOrganizationDuoWebTokenProvider _organizationDuoWebTokenProvider;
|
private readonly IOrganizationDuoUniversalTokenProvider _organizationDuoUniversalTokenProvider;
|
||||||
private readonly ITemporaryDuoWebV4SDKService _temporaryDuoWebV4SDKService;
|
|
||||||
private readonly IFeatureService _featureService;
|
private readonly IFeatureService _featureService;
|
||||||
private readonly IApplicationCacheService _applicationCacheService;
|
private readonly IApplicationCacheService _applicationCacheService;
|
||||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||||
@ -42,8 +39,7 @@ public class TwoFactorAuthenticationValidatorTests
|
|||||||
{
|
{
|
||||||
_userService = Substitute.For<IUserService>();
|
_userService = Substitute.For<IUserService>();
|
||||||
_userManager = SubstituteUserManager();
|
_userManager = SubstituteUserManager();
|
||||||
_organizationDuoWebTokenProvider = Substitute.For<IOrganizationDuoWebTokenProvider>();
|
_organizationDuoUniversalTokenProvider = Substitute.For<IOrganizationDuoUniversalTokenProvider>();
|
||||||
_temporaryDuoWebV4SDKService = Substitute.For<ITemporaryDuoWebV4SDKService>();
|
|
||||||
_featureService = Substitute.For<IFeatureService>();
|
_featureService = Substitute.For<IFeatureService>();
|
||||||
_applicationCacheService = Substitute.For<IApplicationCacheService>();
|
_applicationCacheService = Substitute.For<IApplicationCacheService>();
|
||||||
_organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
|
_organizationUserRepository = Substitute.For<IOrganizationUserRepository>();
|
||||||
@ -54,8 +50,7 @@ public class TwoFactorAuthenticationValidatorTests
|
|||||||
_sut = new TwoFactorAuthenticationValidator(
|
_sut = new TwoFactorAuthenticationValidator(
|
||||||
_userService,
|
_userService,
|
||||||
_userManager,
|
_userManager,
|
||||||
_organizationDuoWebTokenProvider,
|
_organizationDuoUniversalTokenProvider,
|
||||||
_temporaryDuoWebV4SDKService,
|
|
||||||
_featureService,
|
_featureService,
|
||||||
_applicationCacheService,
|
_applicationCacheService,
|
||||||
_organizationUserRepository,
|
_organizationUserRepository,
|
||||||
@ -439,7 +434,7 @@ public class TwoFactorAuthenticationValidatorTests
|
|||||||
string token)
|
string token)
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
_organizationDuoWebTokenProvider.ValidateAsync(
|
_organizationDuoUniversalTokenProvider.ValidateAsync(
|
||||||
token, organization, user).Returns(true);
|
token, organization, user).Returns(true);
|
||||||
|
|
||||||
_userManager.TWO_FACTOR_ENABLED = true;
|
_userManager.TWO_FACTOR_ENABLED = true;
|
||||||
@ -457,70 +452,6 @@ public class TwoFactorAuthenticationValidatorTests
|
|||||||
Assert.True(result);
|
Assert.True(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Theory]
|
|
||||||
[BitAutoData(TwoFactorProviderType.Duo)]
|
|
||||||
[BitAutoData(TwoFactorProviderType.OrganizationDuo)]
|
|
||||||
public async void VerifyTwoFactorAsync_TemporaryDuoService_ValidToken_ReturnsTrue(
|
|
||||||
TwoFactorProviderType providerType,
|
|
||||||
User user,
|
|
||||||
Organization organization,
|
|
||||||
string token)
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
_featureService.IsEnabled(FeatureFlagKeys.DuoRedirect).Returns(true);
|
|
||||||
_userService.TwoFactorProviderIsEnabledAsync(providerType, user).Returns(true);
|
|
||||||
_temporaryDuoWebV4SDKService.ValidateAsync(
|
|
||||||
token, Arg.Any<TwoFactorProvider>(), user).Returns(true);
|
|
||||||
|
|
||||||
user.TwoFactorProviders = GetTwoFactorIndividualProviderJson(providerType);
|
|
||||||
organization.Use2fa = true;
|
|
||||||
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoProviderJson();
|
|
||||||
organization.Enabled = true;
|
|
||||||
|
|
||||||
_userManager.TWO_FACTOR_ENABLED = true;
|
|
||||||
_userManager.TWO_FACTOR_TOKEN = token;
|
|
||||||
_userManager.TWO_FACTOR_TOKEN_VERIFIED = true;
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var result = await _sut.VerifyTwoFactor(
|
|
||||||
user, organization, providerType, token);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
Assert.True(result);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory]
|
|
||||||
[BitAutoData(TwoFactorProviderType.Duo)]
|
|
||||||
[BitAutoData(TwoFactorProviderType.OrganizationDuo)]
|
|
||||||
public async void VerifyTwoFactorAsync_TemporaryDuoService_InvalidToken_ReturnsFalse(
|
|
||||||
TwoFactorProviderType providerType,
|
|
||||||
User user,
|
|
||||||
Organization organization,
|
|
||||||
string token)
|
|
||||||
{
|
|
||||||
// Arrange
|
|
||||||
_featureService.IsEnabled(FeatureFlagKeys.DuoRedirect).Returns(true);
|
|
||||||
_userService.TwoFactorProviderIsEnabledAsync(providerType, user).Returns(true);
|
|
||||||
_temporaryDuoWebV4SDKService.ValidateAsync(
|
|
||||||
token, Arg.Any<TwoFactorProvider>(), user).Returns(true);
|
|
||||||
|
|
||||||
user.TwoFactorProviders = GetTwoFactorIndividualProviderJson(providerType);
|
|
||||||
organization.Use2fa = true;
|
|
||||||
organization.TwoFactorProviders = GetTwoFactorOrganizationDuoProviderJson();
|
|
||||||
organization.Enabled = true;
|
|
||||||
|
|
||||||
_userManager.TWO_FACTOR_ENABLED = true;
|
|
||||||
_userManager.TWO_FACTOR_TOKEN = token;
|
|
||||||
_userManager.TWO_FACTOR_TOKEN_VERIFIED = false;
|
|
||||||
|
|
||||||
// Act
|
|
||||||
var result = await _sut.VerifyTwoFactor(
|
|
||||||
user, organization, providerType, token);
|
|
||||||
|
|
||||||
// Assert
|
|
||||||
Assert.True(result);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static UserManagerTestWrapper<User> SubstituteUserManager()
|
private static UserManagerTestWrapper<User> SubstituteUserManager()
|
||||||
{
|
{
|
||||||
return new UserManagerTestWrapper<User>(
|
return new UserManagerTestWrapper<User>(
|
||||||
|
Loading…
Reference in New Issue
Block a user